Vulnerabilities > CVE-2006-5653 - Cross-Site Scripting vulnerability in SUN Java System Messenger Express 6

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
sun
exploit available
NVD
Published: 2006-11-03
Updated: 2018-10-17

Summary

Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.

Vulnerable Configurations

Part Description Count
Application
Sun
1

Exploit-Db

descriptionSun Java System 6.x Messenger Express Cross-Site Scripting Vulnerability. CVE-2006-5653. Remote exploit for java platform
idEDB-ID:28887
last seen2016-02-03
modified2006-10-31
published2006-10-31
reporterHandrix
sourcehttps://www.exploit-db.com/download/28887/
titleSun Java System 6.x Messenger Express Cross-Site Scripting Vulnerability

References