Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-05-07T18:23:00

Updated: 2024-08-07T07:17:25.751Z

Reserved: 2010-05-07T00:00:00

Link: CVE-2009-4848

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2010-05-07T18:30:01.297

Modified: 2024-11-21T01:10:36.737

Link: CVE-2009-4848

cve-icon Redhat

No data.