Vulnerabilities > CVE-2006-5652 - HTML Injection vulnerability in iPlanet Messaging Server Messenger Express Expression()
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | iPlanet Messaging Server Messenger Express Expression() HTML Injection Vulnerability. CVE-2006-5652 . Webapps exploit for php platform |
| id | EDB-ID:28890 |
| last seen | 2016-02-03 |
| modified | 2006-10-31 |
| published | 2006-10-31 |
| reporter | LegendaryZion |
| source | https://www.exploit-db.com/download/28890/ |
| title | iPlanet Messaging Server Messenger Express Expression HTML Injection Vulnerability |