Vulnerability Name:

CVE-2009-1294 (CCN-49893)

Assigned:2009-04-15
Published:2009-04-15
Updated:2018-10-10
Summary:Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-1294

Source: CCN
Type: SA32869
SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method

Source: CCN
Type: SA34714
Novell Teaming User Enumeration and Cross-Site Scripting Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
34714

Source: CCN
Type: SECTRACK ID: 1022063
Novell Teaming Input Validation Flaw Permits Cross-Site Scripting Attacks

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7002999&sliceId=1&docTypeID=DT_TID_1_1&dialogID=33090060&stateId=1%200%2033084737

Source: CCN
Type: Novell Document ID: 7002999
Novell Teaming Cross-Site Scripting Vulnerability fix

Source: BUGTRAQ
Type: UNKNOWN
20090415 SEC Consult SA-20090415-0 :: Multiple Vulnerabilities in Novell Teaming

Source: CCN
Type: BID-34524
SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability

Source: BID
Type: Exploit
34531

Source: CCN
Type: BID-34531
Novell Teaming User Enumeration Weakness and Multiple Cross Site Scripting Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1022063

Source: VUPEN
Type: UNKNOWN
ADV-2009-1048

Source: XF
Type: UNKNOWN
teaming-home-xss(49893)

Source: CCN
Type: SEC Consult Security Advisory < 20090415-0 >
Novell Teaming Multiple Vulnerabilities

Source: MISC
Type: Exploit
https://www.sec-consult.com/files/20090415-0-novell-teaming.txt

Vulnerable Configuration:Configuration 1:
  • cpe:/a:novell:teaming:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:teaming:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:novell:teaming:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:novell:teaming:1.0.3:*:*:*:*:*:*:*
  • AND
  • cpe:/a:liferay:liferay_enterprise_portal:4.3.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:novell:teaming:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:novell:teaming:1.0:sp3:*:*:*:*:*:*
  • OR cpe:/a:novell:teaming:1.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:novell:teaming:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:novell:teaming:1.0.3:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2009-1294 (CCN-49894)

    Assigned:2009-04-15
    Published:2009-04-15
    Updated:2018-10-10
    Summary:Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home in the Liferay 4.3.0 portal in Novell Teaming 1.0 through SP3 (1.0.3) allow remote attackers to inject arbitrary web script or HTML via the (1) p_p_state or (2) p_p_mode parameters.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availability (A): None
    CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None
    4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
    3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availability (A): None
    Vulnerability Type:CWE-79
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2009-1294

    Source: CCN
    Type: SA32869
    SAP GUI KWEdit ActiveX Control "SaveDocumentAs()" Insecure Method

    Source: CCN
    Type: SA34714
    Novell Teaming User Enumeration and Cross-Site Scripting Vulnerabilities

    Source: CCN
    Type: SECTRACK ID: 1022063
    Novell Teaming Input Validation Flaw Permits Cross-Site Scripting Attacks

    Source: CCN
    Type: Novell Document ID: 7002999
    Novell Teaming Cross-Site Scripting Vulnerability fix

    Source: CCN
    Type: BID-34524
    SAP AG SAPgui KWEdit ActiveX Control Insecure Method Remote Code Execution Vulnerability

    Source: CCN
    Type: BID-34531
    Novell Teaming User Enumeration Weakness and Multiple Cross Site Scripting Vulnerabilities

    Source: XF
    Type: UNKNOWN
    teaming-portal-xss(49894)

    Source: CCN
    Type: SEC Consult Security Advisory < 20090415-0 >
    Novell Teaming Multiple Vulnerabilities

    novell teaming 1.0
    novell teaming 1.0.1
    novell teaming 1.0.2
    novell teaming 1.0.3
    liferay liferay enterprise portal 4.3.0
    novell teaming 1.0
    novell teaming 1.0 sp3
    novell teaming 1.0 sp2
    novell teaming 1.0 sp1
    novell teaming 1.0.3