MitreCVELIST:CVE-2008-0239CVE-2008-0239
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
References
secunia.com/advisories/28356
securityreason.com/securityalert/3535
sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1
www.procheckup.com/Vulnerability_PR07-06.php
www.procheckup.com/Vulnerability_PR07-07.php
www.procheckup.com/Vulnerability_PR07-08.php
www.procheckup.com/Vulnerability_PR07-09.php
www.securityfocus.com/archive/1/486076/100/0/threaded
www.securityfocus.com/bid/27214
www.securitytracker.com/id?1019175
www.vupen.com/english/advisories/2008/0089
exchange.xforce.ibmcloud.com/vulnerabilities/39580
exchange.xforce.ibmcloud.com/vulnerabilities/39581
exchange.xforce.ibmcloud.com/vulnerabilities/39582
exchange.xforce.ibmcloud.com/vulnerabilities/39583
Related
5.9 Medium
AI Score
Confidence
High
0.513 Medium
EPSS
Percentile
97.6%