CVE-2009-4842 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual VirtualIQ Pro 3.5 build 8691 allow remote attackers to inject arbitrary web script or HTML via the (1) addNewDept (2) deptId or (3) deptDesc parameter to tvserver/server/user/addDepartment.jsp; or the (4) firstName (5) lastName or (6) email parameter in a save action to tvserver/user/user.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Reference

http://secunia.com/advisories/37359