CVE-2009-3731

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.

Published: Dec 16, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3731
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
webworks / help	4.0	4.0.x
webworks / help	2.0	2.0.x
webworks / publisher	2003	2003.x
webworks / publisher	8.0	8.0.x
webworks / epublisher	2009.2	2009.2.x
webworks / epublisher	2008.2	2008.2.x
webworks / epublisher	2009.1	2009.1.x
webworks / epublisher	9.1	9.1.x
webworks / publisher	6.0	6.0.x
webworks / epublisher	2008.1	2008.1.x
webworks / epublisher	9.0	9.0.x
webworks / epublisher	2008.3	2008.3.x
webworks / epublisher	9.3	9.3.x
webworks / publisher	7.0	7.0.x
webworks / epublisher	9.2	9.2.x
webworks / help	5.0	5.0.x
webworks / help	3.0	3.0.x
webworks / epublisher	2008.4	2008.4.x
vmware / vcenter	4.0	4.0.x
vmware / vcenter_lab_manager	3.0.1	3.0.1.x
vmware / vcenter_lab_manager	3.0.2	3.0.2.x
vmware / stage_manager	1.0	1.0.x
vmware / vcenter_stage_manager	1.0.1	1.0.1.x
vmware / lab_manager	2.0	2.0.x
vmware / server	2.0.2	2.0.2.x
vmware / stage_manager	-	4.0.x
vmware / vcenter_lab_manager	3.0	3.0.x
vmware / esx_server	4.0	4.0.x
vmware / vcenter_lab_manager	4.0	4.0.x

Vulnerability Database

289,599

CVE-2009-3731