Lucene search

[email protected]NVD:CVE-2006-5652

HistoryNov 03, 2006 - 12:07 a.m.

CVE-2006-5652

2006-11-0300:07:00

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.4%

JSON

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.

Affected configurations

NVD

Node

suniplanet_messaging_server_messenger_express

References

lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html

securityreason.com/securityalert/1806

www.securityfocus.com/archive/1/450184/100/0/threaded

www.securityfocus.com/bid/20838

exchange.xforce.ibmcloud.com/vulnerabilities/29929

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.4%

JSON

Related for NVD:CVE-2006-5652

cve5 cvelist5 nvd4