Lucene search

[email protected]CVE-2006-5652

HistoryNov 03, 2006 - 12:07 a.m.

CVE-2006-5652

2006-11-0300:07:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

sun iplanet

messaging server

xss

vulnerability

cve-2006-5652

nvd

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.

CPENameOperatorVersion
sun:iplanet_messaging_server_messenger_expresssun iplanet messaging server messenger expresseq*

CPE	Name	Operator	Version
sun:iplanet_messaging_server_messenger_express	sun iplanet messaging server messenger express	eq	*

References

lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html

securityreason.com/securityalert/1806

www.securityfocus.com/archive/1/450184/100/0/threaded

www.securityfocus.com/bid/20838

exchange.xforce.ibmcloud.com/vulnerabilities/29929

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.1%

JSON

Related for CVE-2006-5652

cve4