Unrated severityNVD Advisory· Published May 7, 2010· Updated Jun 16, 2026
CVE-2009-4848
CVE-2009-4848
Description
Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.2 build 7882 and 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) userId parameter to tvserver/server/user/setPermissions.jsp, (2) deptName parameter to tvserver/server/user/addDepartment.jsp, (3) ID parameter to tvserver/server/inventory/inventoryTabs.jsp, (4) reportName parameter to tvserver/reports/virtualIQAdminReports.do, or (5) middleName parameter in a save action to tvserver/user/user.do.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:toutvirtual:virtualiq:3.2:-:pro:*:*:*:*:*+ 2 more
- cpe:2.3:a:toutvirtual:virtualiq:3.2:-:pro:*:*:*:*:*
- cpe:2.3:a:toutvirtual:virtualiq:3.5:-:pro:*:*:*:*:*
- (no CPE)range: 3.2 build 7882 and 3.5 build 8691
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.