17 lines
No EOL
770 B
Text
Executable file
17 lines
No EOL
770 B
Text
Executable file
source: http://www.securityfocus.com/bid/38913/info
|
|
|
|
Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data.
|
|
|
|
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
|
|
|
|
The following are vulnerable:
|
|
|
|
Hyperic HQ 4.0 prior to 4.0.3.2
|
|
Hyperic HQ 4.1 prior to 4.1.2.1
|
|
Hyper HQ Open Source
|
|
Hyperic HQ 4.2 pre-release
|
|
tc Server 6.0.20.B and prior
|
|
AMS 2.0 prior to 2.0.0.SR4
|
|
|
|
Paste the following code into the description field:
|
|
<SCRIPT>alert("XSS Vulnerable")</SCRIPT> |