VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published Dec 16, 2009· Updated Apr 23, 2026

CVE-2009-3731

CVE-2009-3731

Description

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.

Affected products

29
  • VMware/Esx Server
    cpe:2.3:a:vmware:esx_server:4.0:*:*:*:*:*:*:*
  • VMware/Lab Manager
    cpe:2.3:a:vmware:lab_manager:2.0:*:*:*:*:*:*:*
  • VMware/Server
    cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
  • VMware/Stage Manager2 versions
    cpe:2.3:a:vmware:stage_manager:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:vmware:stage_manager:*:*:*:*:*:*:*:*range: <=4.0
    • cpe:2.3:a:vmware:stage_manager:1.0:*:*:*:*:*:*:*
  • VMware/Vcenter
    cpe:2.3:a:vmware:vcenter:4.0:*:*:*:*:*:*:*
  • VMware/Vcenter Lab Manager4 versions
    cpe:2.3:a:vmware:vcenter_lab_manager:3.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:vmware:vcenter_lab_manager:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_lab_manager:3.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_lab_manager:3.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:vmware:vcenter_lab_manager:4.0:*:*:*:*:*:*:*
  • VMware/Vcenter Stage Manager
    cpe:2.3:a:vmware:vcenter_stage_manager:1.0.1:*:*:*:*:*:*:*
  • Webworks/Epublisher10 versions
    cpe:2.3:a:webworks:epublisher:2008.1:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:webworks:epublisher:2008.1:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:2008.2:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:2008.3:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:2008.4:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:2009.1:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:2009.2:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:9.2:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:epublisher:9.3:*:*:*:*:*:*:*
  • Webworks/Help4 versions
    cpe:2.3:a:webworks:help:2.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:webworks:help:2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:help:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:help:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:help:5.0:*:*:*:*:*:*:*
  • Webworks/Publisher4 versions
    cpe:2.3:a:webworks:publisher:2003:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:webworks:publisher:2003:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:publisher:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:publisher:7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webworks:publisher:8.0:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

14

News mentions

0

No linked articles in our index yet.