CVE-2009-1729

2009-05-2114:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve

2009

1729

xss

vulnerabilities

sun java system

communications express

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.832 High

EPSS

Percentile

98.5%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.

Affected configurations

NVD

Node

sunjava_system_communications_expressMatch6.2sparc

sunjava_system_communications_expressMatch6.3sparc

Node

sunjava_system_communications_expressMatch6.2x86

sunjava_system_communications_expressMatch6.3x86

Node

sunjava_system_communications_expressMatch6.2linux

sunjava_system_communications_expressMatch6.3linux

CPENameOperatorVersion
sun:java_system_communications_expresssun java system communications expresseq6.2
sun:java_system_communications_expresssun java system communications expresseq6.3

CPE	Name	Operator	Version
sun:java_system_communications_express	sun java system communications express	eq	6.2
sun:java_system_communications_express	sun java system communications express	eq	6.3