Multiple HTML-injection vulnerabilities in SpringSource Products

vendor:

Multiple SpringSource Products

by:

5.5

CVSS

MEDIUM

HTML Injection

CWE

Product Name: Multiple SpringSource Products

Affected Version From: Hyperic HQ 4.0 prior to 4.0.3.2, Hyperic HQ 4.1 prior to 4.1.2.1, Hyper HQ Open Source, Hyperic HQ 4.2 pre-release, tc Server 6.0.20.B and prior, AMS 2.0 prior to 2.0.0.SR4

Affected Version To:

Patch Exists: YES

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Multiple HTML-injection vulnerabilities in SpringSource Products

Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data.Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

Mitigation:

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/38913/info

Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

The following are vulnerable:

Hyperic HQ 4.0 prior to 4.0.3.2
Hyperic HQ 4.1 prior to 4.1.2.1
Hyper HQ Open Source
Hyperic HQ 4.2 pre-release
tc Server 6.0.20.B and prior
AMS 2.0 prior to 2.0.0.SR4 

Paste the following code into the description field:
<SCRIPT>alert("XSS Vulnerable")</SCRIPT>