CVE-2009-3731
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.
Timeline
- 2009-10-20 CVE Reserved
- 2009-12-15 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (14)
URL | Tag | Source |
---|---|---|
http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html | Mailing List | |
http://secunia.com/advisories/38749 | Third Party Advisory | |
http://secunia.com/advisories/38842 | Third Party Advisory | |
http://securitytracker.com/id?1023683 | Vdb Entry | |
http://www.osvdb.org/62738 | Vdb Entry | |
http://www.osvdb.org/62739 | Vdb Entry | |
http://www.osvdb.org/62740 | Vdb Entry | |
http://www.osvdb.org/62741 | Vdb Entry | |
http://www.osvdb.org/62742 | Vdb Entry | |
http://www.securityfocus.com/archive/1/509883/100/0/threaded | Mailing List | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944 | Signature | |

URL | Date | SRC |
---|---|---|
http://www.securityfocus.com/bid/37346 | 2018-10-10 | |
http://www.webworks.com/Security/2009-0001 | 2018-10-10 | |
http://lists.vmware.com/pipermail/security-announce/2009/000073.html | 2018-10-10 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vmware | Vcenter | 4.0 | - | Affected |
in Microsoft | Windows | * | - | Safe |
Webworks | Epublisher | 9.0 | - | Affected |
Webworks | Epublisher | 9.1 | - | Affected |
Webworks | Epublisher | 9.2 | - | Affected |
Webworks | Epublisher | 9.3 | - | Affected |
Webworks | Epublisher | 2008.1 | - | Affected |
Webworks | Epublisher | 2008.2 | - | Affected |
Webworks | Epublisher | 2008.3 | - | Affected |
Webworks | Epublisher | 2008.4 | - | Affected |
Webworks | Epublisher | 2009.1 | - | Affected |
Webworks | Epublisher | 2009.2 | - | Affected |
Webworks | Help | 2.0 | - | Affected |
Webworks | Help | 3.0 | - | Affected |
Webworks | Help | 4.0 | - | Affected |
Webworks | Help | 5.0 | - | Affected |
Webworks | Publisher | 6.0 | - | Affected |
Webworks | Publisher | 7.0 | - | Affected |
Webworks | Publisher | 8.0 | - | Affected |
Webworks | Publisher | 2003 | - | Affected |
Vmware | Esx Server | 4.0 | - | Affected |
Vmware | Lab Manager | 2.0 | - | Affected |
Vmware | Server | 2.0.2 | - | Affected |
Vmware | Stage Manager | <= 4.0 | - | Affected |
Vmware | Stage Manager | 1.0 | - | Affected |
Vmware | Vcenter Lab Manager | 3.0 | - | Affected |
Vmware | Vcenter Lab Manager | 3.0.1 | - | Affected |
Vmware | Vcenter Lab Manager | 3.0.2 | - | Affected |
Vmware | Vcenter Lab Manager | 4.0 | - | Affected |
Vmware | Vcenter Stage Manager | 1.0.1 | - | Affected |