An authenticated Hyperic user can create an alert with JavaScript code in the Description field. When a user visits the Alerts list, the Description field of every alert is displayed without properly escaping especial HTML characters, thus leading to a persistent XSS.

-</p>

Make your website safer. Use external penetration testing (http://www.beyondsecurity.com/penetration-testing.html) service. First report ready in one hour!</p>

**Hidden Content: Check the thread to see hidden data.**