header-logo
Suggest Exploit
vendor:
Multiple SpringSource Products
by:
5.5
CVSS
MEDIUM
HTML Injection
79
CWE
Product Name: Multiple SpringSource Products
Affected Version From: Hyperic HQ 4.0 prior to 4.0.3.2, Hyperic HQ 4.1 prior to 4.1.2.1, Hyper HQ Open Source, Hyperic HQ 4.2 pre-release, tc Server 6.0.20.B and prior, AMS 2.0 prior to 2.0.0.SR4
Affected Version To:
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple HTML-injection vulnerabilities in SpringSource Products

Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data.Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38913/info

Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

The following are vulnerable:

Hyperic HQ 4.0 prior to 4.0.3.2
Hyperic HQ 4.1 prior to 4.1.2.1
Hyper HQ Open Source
Hyperic HQ 4.2 pre-release
tc Server 6.0.20.B and prior
AMS 2.0 prior to 2.0.0.SR4 

Paste the following code into the description field:
<SCRIPT>alert("XSS Vulnerable")</SCRIPT>