Vulnerability Description
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Eclipse | Birt | <= 2.3.2 |
Related Weaknesses (CWE)
References
- http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xssExploit
- http://secunia.com/advisories/37025Vendor Advisory
- http://www.osvdb.org/58941
- http://www.securityfocus.com/archive/1/507172/100/0/threaded
- http://www.securityfocus.com/bid/36674Exploit
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=259127Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53773
- http://antisnatchor.com/2008/12/18/eclipse-birt-reflected-xssExploit
- http://secunia.com/advisories/37025Vendor Advisory
- http://www.osvdb.org/58941
- http://www.securityfocus.com/archive/1/507172/100/0/threaded
- http://www.securityfocus.com/bid/36674Exploit
- https://bugs.eclipse.org/bugs/show_bug.cgi?id=259127Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53773
FAQ
What is CVE-2009-4521?
CVE-2009-4521 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to...
How severe is CVE-2009-4521?
CVE-2009-4521 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4521?
Check the references section above for vendor advisories and patch information. Affected products include: Eclipse Birt.