CVE-2006-5652

2006-11-0300:00:00

mitre

www.cve.org

5.6 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.4%

JSON

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.

References

lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html

securityreason.com/securityalert/1806

www.securityfocus.com/archive/1/450184/100/0/threaded

www.securityfocus.com/bid/20838

exchange.xforce.ibmcloud.com/vulnerabilities/29929