/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka “frame injection.”
secunia.com/advisories/28356
securityreason.com/securityalert/3535
sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1
sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1
www.procheckup.com/Vulnerability_PR07-10.php
www.securityfocus.com/archive/1/486076/100/0/threaded
www.securityfocus.com/bid/27214
www.vupen.com/english/advisories/2008/0089
exchange.xforce.ibmcloud.com/vulnerabilities/39586