Home

CVE-2009-1380

Description

Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP08 and 4.3 before 4.3.0.CP07 allows remote attackers to inject arbitrary web script or HTML via the filter parameter, related to the key property and the position of quote and colon characters.

Risk Information

Base Score
3.1
MODERATE
Vector
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score
Exploitation Probability
0.604

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2008-3519,CVE-2009-1380,CVE-2009-2405,CVE-2009-3554 are affected in Red Hat JBoss Enterprise Application Platform 7 4.2-cp01Windows
Vulnerabilities CVE-2008-3519,CVE-2009-1380,CVE-2009-2405,CVE-2009-3554 are affected in Red Hat JBoss Enterprise Application Platform 7 4.2-cp02Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp01Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp02Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp03Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp04Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp05Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp06Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp01Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp02Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp03Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp04Windows
Vulnerabilities CVE-2009-1380,CVE-2009-2405 are affected in Red Hat JBoss Enterprise Application Platform 7 4.2-cp03Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp07Windows
Vulnerabilities CVE-2009-1380,CVE-2009-2405 are affected in Red Hat JBoss Enterprise Application Platform 7 4.3-cp01Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234