CVE-2009-2405

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

Configurations

Configuration 1

OR
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp03:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.2:ga:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:cp01:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:ga:*:*:*:*:*:*

History

21 Nov 2024, 01:04

Type | Values Removed | Values Added
References | http://secunia.com/advisories/35680 - Vendor Advisory | http://secunia.com/advisories/35680 - Vendor Advisory
References | http://secunia.com/advisories/37671 - Vendor Advisory | http://secunia.com/advisories/37671 - Vendor Advisory
References | http://securitytracker.com/id?1023315 | http://securitytracker.com/id?1023315
References | http://www.osvdb.org/60898 | http://www.osvdb.org/60898
References | http://www.osvdb.org/60899 | http://www.osvdb.org/60899
References | http://www.securityfocus.com/bid/37276 | http://www.securityfocus.com/bid/37276
References | https://bugzilla.redhat.com/show_bug.cgi?id=510023 - Patch | https://bugzilla.redhat.com/show_bug.cgi?id=510023 - Patch
References | https://exchange.xforce.ibmcloud.com/vulnerabilities/54700 | https://exchange.xforce.ibmcloud.com/vulnerabilities/54700
References | https://jira.jboss.org/jira/browse/JBAS-7105 | https://jira.jboss.org/jira/browse/JBAS-7105
References | https://jira.jboss.org/jira/browse/JBPAPP-2274 | https://jira.jboss.org/jira/browse/JBPAPP-2274
References | https://jira.jboss.org/jira/browse/JBPAPP-2284 | https://jira.jboss.org/jira/browse/JBPAPP-2284
References | https://rhn.redhat.com/errata/RHSA-2009-1636.html - Patch | https://rhn.redhat.com/errata/RHSA-2009-1636.html - Patch
References | https://rhn.redhat.com/errata/RHSA-2009-1637.html - Patch | https://rhn.redhat.com/errata/RHSA-2009-1637.html - Patch
References | https://rhn.redhat.com/errata/RHSA-2009-1649.html - Patch | https://rhn.redhat.com/errata/RHSA-2009-1649.html - Patch
References | https://rhn.redhat.com/errata/RHSA-2009-1650.html - Patch | https://rhn.redhat.com/errata/RHSA-2009-1650.html - Patch

07 Nov 2023, 02:04

Type | Values Removed | Values Added
Summary | Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information. | Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

Information

Published : 2009-12-15 18:30

Updated : 2024-11-21 01:04


NVD link : CVE-2009-2405

Mitre link : CVE-2009-2405

CVE.ORG link : CVE-2009-2405



Products Affected

redhat

  • jboss_enterprise_application_platform

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')