Vulnerability Name: | CVE-2006-5653 (CCN-29939) | ||||||||
Assigned: | 2006-10-31 | ||||||||
Published: | 2006-10-31 | ||||||||
Updated: | 2018-10-17 | ||||||||
Summary: | Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. Note: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned. | ||||||||
CVSS v3 Severity: | 4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
CVSS v2 Severity: | 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||||
Vulnerability Type: | CWE-Other | ||||||||
Vulnerability Consequences: | Gain Access | ||||||||
References: | Source: CCN Type: Full-Disclosure Mailing List, Mon Oct 30 2006 - 22:20:11 CST Sun java System Messenger Express XSS Source: MITRE Type: CNA CVE-2006-5653 Source: MITRE Type: CNA CVE-2007-2904 Source: CCN Type: SA22663 Sun Java System Messenger Express "error" Cross-Site Scripting Source: SECUNIA Type: Exploit, Vendor Advisory 22663 Source: SREASON Type: UNKNOWN 1805 Source: CCN Type: SECTRACK ID: 1018106 Sun Java System Messaging Server Input Validation Hole Permits Cross-Site Scripting Attacks Source: CCN Type: Sun Alert ID: 102909 Cross-site Scripting Vulnerability in Sun Java System Messaging Server Source: CCN Type: ASA-2007-213 Cross-site Scripting Vulnerability in Sun Java System Messaging Server (Sun 102909) Source: CCN Type: OSVDB ID: 38146 Sun Java System Messaging Server Unspecified XSS Source: CCN Type: OSVDB ID: 49836 Sun Java System Messaging Server Unspecified XSS Source: BUGTRAQ Type: UNKNOWN 20061031 Sun java System Messenger Express XSS Source: BUGTRAQ Type: UNKNOWN 20070104 Re: Sun java System Messenger Express XSS Source: BID Type: Exploit 20832 Source: CCN Type: BID-20832 Sun Java System Messenger Express Cross-Site Scripting Vulnerability Source: SECTRACK Type: UNKNOWN 1018106 Source: CCN Type: Sun Java System Messaging Server Web site Sun Java System Messaging Server Source: VUPEN Type: UNKNOWN ADV-2006-4281 Source: XF Type: UNKNOWN sun-messaging-index-xss(29939) Source: XF Type: UNKNOWN sun-messaging-index-xss(29939) | ||||||||
Vulnerable Configuration: | Configuration 1: Configuration CCN 1: ![]() | ||||||||
BACK |