V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2009-1380
DEB
Medium

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP…

CVSS
4.3
Medium
EPSS
0.02
p81
Published
2009-01-01
Updated
2009-01-01
Description

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.

Tags · CWE
XSS
CWE-79
CAPEC-63
CAPEC-85
CAPEC-209
CAPEC-588
CAPEC-591
CAPEC-592
Affected products
Glassfish-javamailGlassfish-javamailGlassfish-jaxbGlassfish-jaxbGlassfish-jsfGlassfish-jsfGlassfish-jsfGlassfish-jsfHibernate3Hibernate3Hibernate3Hibernate3Hibernate3-annotationsHibernate3-annotationsHibernate3-annotationsHibernate3-annotationsHibernate3-entitymanagerHibernate3-entitymanagerHibernate3-entitymanagerHibernate3-entitymanager
CVSS vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Timeline
2009-01-01
Published
2009-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: M
Medium
Authentication
Au: N
None (N)
Confidentiality Impact
C: N
None (N)
Integrity Impact
I: P
Partial
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.023 · p81
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
glassfish-javamailTracked
glassfish-javamailTracked
glassfish-jaxbTracked
glassfish-jaxbTracked
glassfish-jsfTracked
glassfish-jsfTracked
glassfish-jsfTracked
glassfish-jsfTracked
hibernate3Tracked
hibernate3Tracked
hibernate3Tracked
hibernate3Tracked
hibernate3-annotationsTracked
hibernate3-annotationsTracked
hibernate3-annotationsTracked
hibernate3-annotationsTracked
hibernate3-entitymanagerTracked
hibernate3-entitymanagerTracked
hibernate3-entitymanagerTracked
hibernate3-entitymanagerTracked
Showing first 20 of 94
Source databases
DEB
CVE
RED
UBU