CVE-2009-2405

NONECVSS 0.0

0.0

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

🔗 References (30)

secalert@redhathttp://secunia.com/advisories/35680
secalert@redhathttp://secunia.com/advisories/37671
secalert@redhathttp://securitytracker.com/id?1023315
secalert@redhathttp://www.osvdb.org/60898
secalert@redhathttp://www.osvdb.org/60899
secalert@redhathttp://www.securityfocus.com/bid/37276
secalert@redhathttps://bugzilla.redhat.com/show_bug.cgi?id=510023
secalert@redhathttps://exchange.xforce.ibmcloud.com/vulnerabilities/54700
secalert@redhathttps://jira.jboss.org/jira/browse/JBAS-7105
secalert@redhathttps://jira.jboss.org/jira/browse/JBPAPP-2274
secalert@redhathttps://jira.jboss.org/jira/browse/JBPAPP-2284
secalert@redhathttps://rhn.redhat.com/errata/RHSA-2009-1636.html
secalert@redhathttps://rhn.redhat.com/errata/RHSA-2009-1637.html
secalert@redhathttps://rhn.redhat.com/errata/RHSA-2009-1649.html
secalert@redhathttps://rhn.redhat.com/errata/RHSA-2009-1650.html

Is Your Infrastructure Affected by CVE-2009-2405?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2009-2405

📅 Published

🔄 Last Modified

🔗 References (30)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2009-2405?