CVE-2009-2405
DEB
Medium


CVSS: 4.3 (Medium)
EPSS: 0.03 (p82)
Published: 2009-01-01
Updated: 2009-01-01
Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

Tags · CWE
XSS
CWE-79
CAPEC-63
CAPEC-85
CAPEC-209
CAPEC-588
CAPEC-591
CAPEC-592
CVSS vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS 3.1 breakdown
Attack Vector (AV): N, Network
Attack Complexity (AC): M, Medium
Authentication (Au): N, None
Confidentiality Impact (C): N, None
Integrity Impact (I): P, Partial
Availability Impact (A): N, None
Exploit indicators
EPSS: 0.025 · p82
Known exploited (KEV): No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
glassfish-javamail | | Tracked
glassfish-javamail | | Tracked
glassfish-jaxb | | Tracked
glassfish-jaxb | | Tracked
glassfish-jsf | | Tracked
glassfish-jsf | | Tracked
glassfish-jsf | | Tracked
glassfish-jsf | | Tracked
hibernate3 | | Tracked
hibernate3 | | Tracked
hibernate3 | | Tracked
hibernate3 | | Tracked
hibernate3-annotations | | Tracked
hibernate3-annotations | | Tracked
hibernate3-annotations | | Tracked
hibernate3-annotations | | Tracked
hibernate3-entitymanager | | Tracked
hibernate3-entitymanager | | Tracked
hibernate3-entitymanager | | Tracked
hibernate3-entitymanager | | Tracked
Showing first 20 of 94
Source databases
DEB
CVE
RED
UBU