CVE-2009-2405

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information.

Risk Information

Base Score: 3.1 (MODERATE)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
EPSS Score (Exploitation Probability): 0.776

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2 | Windows
Vulnerabilities CVE-2008-3519, CVE-2009-1380, CVE-2009-2405, CVE-2009-3554 are affected in Red Hat JBoss Enterprise Application Platform 7 4.2-cp01 | Windows
Vulnerabilities CVE-2008-3519, CVE-2009-1380, CVE-2009-2405, CVE-2009-3554 are affected in Red Hat JBoss Enterprise Application Platform 7 4.2-cp02 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp01 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp02 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp03 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp04 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp05 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp06 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp01 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp02 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp03 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.3.0-cp04 | Windows
Vulnerabilities CVE-2009-1380, CVE-2009-2405 are affected in Red Hat JBoss Enterprise Application Platform 7 4.2-cp03 | Windows
Multiple Vulnerabilities are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.0-cp07 | Windows
Vulnerabilities CVE-2009-1380, CVE-2009-2405 are affected in Red Hat JBoss Enterprise Application Platform 7 4.3-cp01 | Windows
Vulnerabilities CVE-2009-2405, CVE-2009-3554 are affected in Red Hat JBoss Enterprise Application Platform 7 4.2.2-ga | Windows
Vulnerabilities CVE-2009-2405 are affected in Red Hat JBoss Enterprise Application Platform 7 5.1.0-ga | Windows

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234