Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-05-07T18:23:00
Updated: 2024-08-07T07:17:25.751Z
Reserved: 2010-05-07T00:00:00
Link: CVE-2009-4848
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-05-07T18:30:01.297
Modified: 2024-11-21T01:10:36.737
Link: CVE-2009-4848
Redhat
No data.