Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML via (1) the siteloc parameter in a displayaddsite action, the site parameter in a (2) generalproperties or (3) clusterserviceproperties action, (4) the adminurl parameter in a global action, or (5) the print-list parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Novell | Open Enterprise Server | 1.x |
Related Weaknesses (CWE)
References
- http://osvdb.org/51941
- http://packetstormsecurity.org/0902-exploits/nqfs-xss.txt (Exploit)
- http://secunia.com/advisories/33886 (Vendor Advisory)
- http://www.securityfocus.com/bid/33708 (Exploit)
- http://www.securitytracker.com/id?1021695
- http://www.vupen.com/english/advisories/2009/0421
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48619
FAQ
What is CVE-2009-0611?
CVE-2009-0611 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in qfsearch/AdminServlet in QuickFinder Server in Novell Open Enterprise Server 1.x allow remote attackers to inject arbitrary web script or HTML vi...
How severe is CVE-2009-0611?
CVE-2009-0611 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0611?
Check the references section above for vendor advisories and patch information. Affected products include: Novell Open Enterprise Server.