CVE-2009-4848

{"id": "CVE-2009-4848", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-05-07T18:30:01.297", "references": [{"url": "http://secunia.com/advisories/37359", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", "tags": ["Exploit"], "source": "[email protected]"}, {"url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded", "source": "[email protected]"}, {"url": "http://secunia.com/advisories/37359", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en ToutVirtual VirtualIQ Pro v3.2 build 7882 y v3.5 build 8691, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro (1) userId sobre tvserver/server/user/setPermissions.jsp, (2) deptName sobre tvserver/server/user/addDepartment.jsp, (3) ID sobre tvserver/server/inventory/inventoryTabs.jsp, (4) reportName sobre tvserver/reports/virtualIQAdminReports.do, o (5) middleName en una acci\u00f3n \"save\" sobre tvserver/user/user.do."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:toutvirtual:virtualiq:3.2:-:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EC29310-51F5-4D1C-B398-F08A102A7A45"}, {"criteria": "cpe:2.3:a:toutvirtual:virtualiq:3.5:-:pro:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAD9D8B2-EA53-47AF-8703-C9B8F2B2B9DC"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}