First published: Tue Oct 13 2009(Updated: )
Cross-site scripting (XSS) vulnerability in the Alerts list feature in the web interface in SpringSource Hyperic HQ 3.2.x before 3.2.6.1, 4.0.x before 4.0.3.1, 4.1.x before 4.1.2.1, and 4.2-beta1; Application Management Suite (AMS) 2.0.0.SR3; and tc Server 6.0.20.B allows remote authenticated users to inject arbitrary web script or HTML via the Description field. NOTE: some of these details are obtained from third party information.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
SpringSource tc Server | =6.0.20-b | |
SpringSource Hyperic HQ | =3.2.0 | |
SpringSource Hyperic HQ | =4.0.0 | |
SpringSource Hyperic HQ | =4.2-beta_1 | |
SpringSource Hyperic HQ | =3.2-beta_1 | |
SpringSource Hyperic HQ | =3.2.2 | |
SpringSource Hyperic HQ | =3.2.5 | |
SpringSource Hyperic HQ | =4.1.1 | |
Springsource Application Management Suite | =2.0.0-sr3 | |
SpringSource Hyperic HQ | =3.2.1 | |
SpringSource Hyperic HQ | =3.2.3 | |
SpringSource Hyperic HQ | =4.1.2 | |
SpringSource Hyperic HQ | =4.0.2 | |
SpringSource Hyperic HQ | =4.1.0 | |
SpringSource Hyperic HQ | =3.2.6 | |
SpringSource Hyperic HQ | =4.0.1 | |
SpringSource Hyperic HQ | =4.0.3 | |
SpringSource Hyperic HQ | =3.2.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.