source: https://www.securityfocus.com/bid/38913/info
Multiple SpringSource Products are prone to multiple HTML-injection vulnerabilities because they fail to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.
The following are vulnerable:
Hyperic HQ 4.0 prior to 4.0.3.2
Hyperic HQ 4.1 prior to 4.1.2.1
Hyper HQ Open Source
Hyperic HQ 4.2 pre-release
tc Server 6.0.20.B and prior
AMS 2.0 prior to 2.0.0.SR4
Paste the following code into the description field:
<SCRIPT>alert("XSS Vulnerable")</SCRIPT>