Vulnerabilities > SUN > Java System Access Manager > 7.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2009-07-01 | CVE-2009-2268 | Cross-Site Scripting vulnerability in SUN Java System Access Manager Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
| 2008-06-30 | CVE-2008-2945 | Improper Input Validation vulnerability in SUN products Sun Java System Access Manager 6.3 through 7.1 and Sun Java System Identity Server 6.1 and 6.2 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715, CVE-2007-3716, and CVE-2007-4289. | 7.5 |
| 2008-03-08 | CVE-2008-1204 | Cross-Site Scripting vulnerability in SUN Java System Access Manager 7.0/7.02005Q4/7.1 Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. | 4.3 |
| 2007-01-31 | CVE-2007-0628 | Cross-Site Scripting vulnerability in Sun Java System Access Manager Undisclosed Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. network sun | 4.3 |
| 2006-02-04 | CVE-2006-0531 | Local Authentication Bypass vulnerability in SUN Java System Access Manager 7.0 Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool. | 7.2 |