// For flags

CVE-2009-3731

 

Severity Score

4.3
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.

Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en WebWorks Help v2.0 a la v5.0 en VMware vCenter v4.0 anterior a Update 1 Build 208156; VMware Server v2.0.2; VMware ESX v4.0; VMware Lab Manager v2.x; VMware vCenter Lab Manager v3.x y v4.x anterior a v4.0.1; VMware Stage Manager v1.x anterior a v4.0.1; WebWorks Publisher v6.x a la v8.x; WebWorks Publisher 2003; y WebWorks ePublisher v9.0.x a la v9.3, 2008.1 a la 2008.4, y 2009.x anterior a 2009.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de (1) wwhelp_entry.html alcanzable a través d index.html y wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, o (5) el componente window.opener en wwhelp/wwhimpl/common/html/bookmark.htm, relacionado con (a) parámetros desconocidos y (b) mensajes usados en los enlaces de "topic" para la funcionalidad de marcadores.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-10-20 CVE Reserved
  • 2009-12-15 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-07 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Vcenter
Search vendor "Vmware" for product "Vcenter"
4.0
Search vendor "Vmware" for product "Vcenter" and version "4.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
Windows
Search vendor "Microsoft" for product "Windows"
*-
Safe
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
9.0
Search vendor "Webworks" for product "Epublisher" and version "9.0"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
9.1
Search vendor "Webworks" for product "Epublisher" and version "9.1"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
9.2
Search vendor "Webworks" for product "Epublisher" and version "9.2"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
9.3
Search vendor "Webworks" for product "Epublisher" and version "9.3"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
2008.1
Search vendor "Webworks" for product "Epublisher" and version "2008.1"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
2008.2
Search vendor "Webworks" for product "Epublisher" and version "2008.2"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
2008.3
Search vendor "Webworks" for product "Epublisher" and version "2008.3"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
2008.4
Search vendor "Webworks" for product "Epublisher" and version "2008.4"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
2009.1
Search vendor "Webworks" for product "Epublisher" and version "2009.1"
-
Affected
Webworks
Search vendor "Webworks"
Epublisher
Search vendor "Webworks" for product "Epublisher"
2009.2
Search vendor "Webworks" for product "Epublisher" and version "2009.2"
-
Affected
Webworks
Search vendor "Webworks"
Help
Search vendor "Webworks" for product "Help"
2.0
Search vendor "Webworks" for product "Help" and version "2.0"
-
Affected
Webworks
Search vendor "Webworks"
Help
Search vendor "Webworks" for product "Help"
3.0
Search vendor "Webworks" for product "Help" and version "3.0"
-
Affected
Webworks
Search vendor "Webworks"
Help
Search vendor "Webworks" for product "Help"
4.0
Search vendor "Webworks" for product "Help" and version "4.0"
-
Affected
Webworks
Search vendor "Webworks"
Help
Search vendor "Webworks" for product "Help"
5.0
Search vendor "Webworks" for product "Help" and version "5.0"
-
Affected
Webworks
Search vendor "Webworks"
Publisher
Search vendor "Webworks" for product "Publisher"
6.0
Search vendor "Webworks" for product "Publisher" and version "6.0"
-
Affected
Webworks
Search vendor "Webworks"
Publisher
Search vendor "Webworks" for product "Publisher"
7.0
Search vendor "Webworks" for product "Publisher" and version "7.0"
-
Affected
Webworks
Search vendor "Webworks"
Publisher
Search vendor "Webworks" for product "Publisher"
8.0
Search vendor "Webworks" for product "Publisher" and version "8.0"
-
Affected
Webworks
Search vendor "Webworks"
Publisher
Search vendor "Webworks" for product "Publisher"
2003
Search vendor "Webworks" for product "Publisher" and version "2003"
-
Affected
Vmware
Search vendor "Vmware"
Esx Server
Search vendor "Vmware" for product "Esx Server"
4.0
Search vendor "Vmware" for product "Esx Server" and version "4.0"
-
Affected
Vmware
Search vendor "Vmware"
Lab Manager
Search vendor "Vmware" for product "Lab Manager"
2.0
Search vendor "Vmware" for product "Lab Manager" and version "2.0"
-
Affected
Vmware
Search vendor "Vmware"
Server
Search vendor "Vmware" for product "Server"
2.0.2
Search vendor "Vmware" for product "Server" and version "2.0.2"
-
Affected
Vmware
Search vendor "Vmware"
Stage Manager
Search vendor "Vmware" for product "Stage Manager"
<= 4.0
Search vendor "Vmware" for product "Stage Manager" and version " <= 4.0"
-
Affected
Vmware
Search vendor "Vmware"
Stage Manager
Search vendor "Vmware" for product "Stage Manager"
1.0
Search vendor "Vmware" for product "Stage Manager" and version "1.0"
-
Affected
Vmware
Search vendor "Vmware"
Vcenter Lab Manager
Search vendor "Vmware" for product "Vcenter Lab Manager"
3.0
Search vendor "Vmware" for product "Vcenter Lab Manager" and version "3.0"
-
Affected
Vmware
Search vendor "Vmware"
Vcenter Lab Manager
Search vendor "Vmware" for product "Vcenter Lab Manager"
3.0.1
Search vendor "Vmware" for product "Vcenter Lab Manager" and version "3.0.1"
-
Affected
Vmware
Search vendor "Vmware"
Vcenter Lab Manager
Search vendor "Vmware" for product "Vcenter Lab Manager"
3.0.2
Search vendor "Vmware" for product "Vcenter Lab Manager" and version "3.0.2"
-
Affected
Vmware
Search vendor "Vmware"
Vcenter Lab Manager
Search vendor "Vmware" for product "Vcenter Lab Manager"
4.0
Search vendor "Vmware" for product "Vcenter Lab Manager" and version "4.0"
-
Affected
Vmware
Search vendor "Vmware"
Vcenter Stage Manager
Search vendor "Vmware" for product "Vcenter Stage Manager"
1.0.1
Search vendor "Vmware" for product "Vcenter Stage Manager" and version "1.0.1"
-
Affected