8 matches found
CVE-2008-5114
Sun Java System Identity Manager is affected by CVE-2008-5114, with multiple XSS vulnerabilities disclosed in versions 6.0 (including SP1-SP4), 7.0, and 7.1. The described issue allows remote attackers to inject arbitrary script/HTML via unspecified vectors. Exploit details and exact affected com...
CVE-2008-5118
Sun Java System Identity Manager 6.0–6.0 SP4, 7.0, and 7.1 are affected by CVE-2008-5118, which enables remote attackers to inject frames from arbitrary sites and perform phishing via frame injection. The root cause is framed content handling that lacks proper validation, enabling cross-site fram...
CVE-2009-1081
CVE-2009-1081 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19595 and 19661). The connected documents do not provide concrete exploi...
CVE-2008-0239
The CVE-2008-0239 issue covers multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager versions 6.0 SP1–SP3, 7.0, and 7.1. The root cause is failure to sanitize user-supplied input in several JSP scripts, allowing remote, unauthenticated attackers to inject arbitra...
CVE-2009-1078
CVE-2009-1078 affects Sun Java System Identity Manager (IdM) 7.0–8.0. The issue is that the product does not enforce the expected privilege requirements for (1) deleting audit policies and (2) modifying workflows, allowing remote authenticated users to have an unspecified impact. The available co...
CVE-2009-1080
CVE-2009-1080 affects Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug ID 19033). Affected component: IdM web interfac...
CVE-2008-0240
Sun Java System Identity Manager (versions 6.0 SP1–SP3, 7.0, 7.1) is affected by a vulnerability in /idm/help/index.jsp where the helpUrl parameter can be abused to inject frames from arbitrary sites, enabling phishing-like framing attacks. This aligns with the public CVE-2008-0240 description of...
CVE-2009-1079
CVE-2009-1079 applies to Sun Java System Identity Manager (IdM) 7.0 through 8.0. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via unspecified vectors (Bug IDs 19659, 19660, 19683). The affected softw...