CVSS: 2.6EPSS: 0%CPEs: 26EXPL: 0CVE-2009-2268
https://notcve.org/view.php?id=CVE-2009-2268
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) en el Cross-Domain Controller (CDC) servlet en Sun Java System Access Manager v6 2005Q1, v7 2005Q4, y v7.1, permite a atacantes remotos ejecutar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/35651 http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0CVE-2008-4747
https://notcve.org/view.php?id=CVE-2008-4747
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. Vulnerabilidad no especificada en la característica de búsqueda de Sun Java System LDAP JDK anterior a v4.20; permite a atacantes dependientes del contexto obtener información sensible a través de vectores de ataque desconocidos relacionados con la biblioteca LDAP JDK. • http://secunia.com/advisories/32327 http://sunsolve.sun.com/search/document.do?assetkey=1-26-242246-1 http://www.securityfocus.com/bid/31905 http://www.securitytracker.com/id?1021103 http://www.vupen.com/english/advisories/2008/2916 https://exchange.xforce.ibmcloud.com/vulnerabilities/46074 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •