First published: Wed Dec 16 2009
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
WebWorks Help | =4.0 | |
WebWorks Help | =2.0 | |
WebWorks Publisher | =2003 | |
WebWorks Publisher | =8.0 | |
WebWorks ePublisher | =2009.2 | |
WebWorks ePublisher | =2008.2 | |
WebWorks ePublisher | =2009.1 | |
WebWorks ePublisher | =9.1 | |
WebWorks Publisher | =6.0 | |
WebWorks ePublisher | =2008.1 | |
WebWorks ePublisher | =9.0 | |
WebWorks ePublisher | =2008.3 | |
WebWorks ePublisher | =9.3 | |
WebWorks Publisher | =7.0 | |
WebWorks ePublisher | =9.2 | |
WebWorks Help | =5.0 | |
WebWorks Help | =3.0 | |
WebWorks ePublisher | =2008.4 | |
VMware vCenter Lab Manager | =3.0.1 | |
VMware vCenter Lab Manager | =3.0.2 | |
VMware Stage Manager | =1.0 | |
VMware vCenter Stage Manager | =1.0.1 | |
VMware Lab Manager | =2.0 | |
VMware Server | =2.0.2 | |
VMware Stage Manager | <=4.0 | |
VMware vCenter Lab Manager | =3.0 | |
VMware ESX Server | =4.0 | |
VMware vCenter Lab Manager | =4.0 | |
VMware vCenter | =4.0 | |
Microsoft Windows | | |