Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2009-3731

Published: 16/12/2009 Updated: 10/10/2018
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Webworks

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 up to and including 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x prior to 4.0.1; VMware Stage Manager 1.x prior to 4.0.1; WebWorks Publisher 6.x up to and including 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x up to and including 9.3, 2008.1 up to and including 2008.4, and 2009.x prior to 2009.3 allow remote malicious users to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.

Vulnerable Product Search on Vulmon Subscribe to Product

webworks epublisher 2009.2

webworks epublisher 2009.1

webworks epublisher 9.1

webworks epublisher 9.0

webworks publisher 7.0

webworks publisher 8.0

webworks epublisher 2008.4

webworks epublisher 2008.3

webworks help 2.0

webworks help 3.0

webworks epublisher 2008.2

webworks epublisher 2008.1

webworks help 4.0

webworks help 5.0

webworks epublisher 9.3

webworks epublisher 9.2

webworks publisher 2003

webworks publisher 6.0

vmware vcenter 4.0

vmware esx server 4.0

vmware lab manager 2.0

vmware stage manager

vmware vcenter lab manager 3.0

vmware vcenter lab manager 3.0.1

vmware vcenter lab manager 3.0.2

vmware vcenter lab manager 4.0

vmware server 2.0.2

vmware stage manager 1.0

vmware vcenter stage manager 1.0.1

References

CWE-79http://lists.vmware.com/pipermail/security-announce/2009/000073.htmlhttp://www.securityfocus.com/bid/37346http://www.webworks.com/Security/2009-0001/http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.htmlhttp://www.osvdb.org/62738http://secunia.com/advisories/38749http://www.osvdb.org/62741http://secunia.com/advisories/38842http://www.osvdb.org/62739http://www.osvdb.org/62740http://www.osvdb.org/62742http://securitytracker.com/id?1023683https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944http://www.securityfocus.com/archive/1/509883/100/0/threadedhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27977IMAPlocal usersCVE-2024-32038CVE-2023-49963CVE-2023-22869CVE-2024-31497localCVE-2024-2961
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook