CVE-2008-0239
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.513 Medium
EPSS
Percentile
97.6%
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
Affected configurations
References
secunia.com/advisories/28356
securityreason.com/securityalert/3535
sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1
www.procheckup.com/Vulnerability_PR07-06.php
www.procheckup.com/Vulnerability_PR07-07.php
www.procheckup.com/Vulnerability_PR07-08.php
www.procheckup.com/Vulnerability_PR07-09.php
www.securityfocus.com/archive/1/486076/100/0/threaded
www.securityfocus.com/bid/27214
www.securitytracker.com/id?1019175
www.vupen.com/english/advisories/2008/0089
exchange.xforce.ibmcloud.com/vulnerabilities/39580
exchange.xforce.ibmcloud.com/vulnerabilities/39581
exchange.xforce.ibmcloud.com/vulnerabilities/39582
exchange.xforce.ibmcloud.com/vulnerabilities/39583
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.513 Medium
EPSS
Percentile
97.6%