Lucene search

K
cve[email protected]CVE-2008-0239
HistoryJan 11, 2008 - 10:46 p.m.

CVE-2008-0239

2008-01-1122:46:00
CWE-79
web.nvd.nist.gov
24
cve-2008-0239
cross-site scripting
xss
sun java system identity manager
nvd
security vulnerability

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.513 Medium

EPSS

Percentile

97.6%

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.

Affected configurations

NVD
Node
sunjava_system_identity_managerMatch6.0sp1
OR
sunjava_system_identity_managerMatch6.0sp2
OR
sunjava_system_identity_managerMatch6.0sp3
OR
sunjava_system_identity_managerMatch7.0
OR
sunjava_system_identity_managerMatch7.1

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.513 Medium

EPSS

Percentile

97.6%

Related for CVE-2008-0239