Cross-Site Scripting Vulnerabilities in Parallels H-Sphere
CVE-2008-6465

Currently unrated

Key Information:

Vendor: Parallels
Status: H-sphere
Vendor: CVE Published:; 13 March 2009

What is CVE-2008-6465?

Multiple cross-site scripting vulnerabilities exist in the login.php file of webshell4 in Parallels H-Sphere, allowing remote attackers to inject arbitrary web scripts or HTML code. This is accomplished through manipulation of the parameters 'err', 'errorcode', and 'login'. The presence of these vulnerabilities can lead to unauthorized actions on behalf of users, compromising the integrity and security of the application.

References

http://www.xssing.com/index.php?x=3&y=65

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/45252

vdb-entryx_refsource_XF

http://secunia.com/advisories/31830

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Mar 13, 2009
Vulnerability Reserved
Mar 13, 2009