CVE - CVE-2009-3731

CVE-ID
CVE-2009-3731	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:37346 URL:http://www.securityfocus.com/bid/37346 BUGTRAQ:20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues URL:http://archives.neohapsis.com/archives/bugtraq/2009-12/0229.html BUGTRAQ:20100304 CA20100304-01: Security Notice for CA SiteMinder URL:http://www.securityfocus.com/archive/1/509883/100/0/threaded CONFIRM:http://www.webworks.com/Security/2009-0001/ MLIST:[security-announce] 20091215 VMSA-2009-0017 VMware vCenter, ESX patch and vCenter Lab Manager releases address cross-site scripting issues URL:http://lists.vmware.com/pipermail/security-announce/2009/000073.html OSVDB:62738 URL:~~http://www.osvdb.org/62738~~ (Obsolete source) OSVDB:62739 URL:~~http://www.osvdb.org/62739~~ (Obsolete source) OSVDB:62740 URL:~~http://www.osvdb.org/62740~~ (Obsolete source) OSVDB:62741 URL:~~http://www.osvdb.org/62741~~ (Obsolete source) OSVDB:62742 URL:~~http://www.osvdb.org/62742~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:5944 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5944 SECTRACK:1023683 URL:http://securitytracker.com/id?1023683 SECUNIA:38749 URL:http://secunia.com/advisories/38749 SECUNIA:38842 URL:http://secunia.com/advisories/38842
Assigning CNA
MITRE Corporation
Date Record Created
20091020	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091020)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)