CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2010-4456
https://notcve.org/view.php?id=CVE-2010-4456
Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail. Vulnerabilidad no especificada en Oracle Sun Java System Communications Express v6.2 y v6.3 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con la Web de correo. • http://osvdb.org/70586 http://secunia.com/advisories/42990 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45896 http://www.vupen.com/english/advisories/2011/0157 https://exchange.xforce.ibmcloud.com/vulnerabilities/64815 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-1227
https://notcve.org/view.php?id=CVE-2010-1227
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc. Una vulnerabilidad de tipo cross-site scripting (XSS) en Sun Java System Communications Express versiones 6.2 y 6.3, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del campo asunto de un mensaje, como es demostrado por un asunto que contiene un elemento IMG con un atributo SRC que realiza un ataque de tipo cross-site request forgery (CSRF) que involucra los parámetros cmd y argv en el archivo cmd.msc. • http://secunia.com/advisories/42990 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/archive/1/510154/100/0/threaded http://www.vupen.com/english/advisories/2011/0157 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 83%CPEs: 6EXPL: 5CVE-2009-1729 – Sun Java System Communications Express 6.3 - 'search.xml' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-1729
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Sun Java System Communications Express 6 2005Q4 (también conocido como v6.2) y v6.3 que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a través del parámetro (1) abperson_displayName para uwc/abs/search.xml en la implementación añadir contacto en el componente libro de direcciones personales o el parámetros (2) temporaryCalendars para uwc/base/UWCMain. • https://www.exploit-db.com/exploits/32863 https://www.exploit-db.com/exploits/32864 http://osvdb.org/54609 http://osvdb.org/54610 http://seclists.org/fulldisclosure/2009/May/0177.html http://secunia.com/advisories/32474 http://securitytracker.com/alerts/2009/May/1022266.html http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1 http://www.coresecurity.com/content/sun-communications-express • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 2CVE-2009-0877
https://notcve.org/view.php?id=CVE-2009-0877
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados - XSS - en Sun Java System Communications Express que permite atacantes remotos inyectar una secuencia de comandos web o HTML a tra´ves del (1) Nombre completo o (2) campo asunto. • http://osvdb.org/52718 http://sosoblood.freehostia.com/SJSC/html_injection.gif http://www.securityfocus.com/archive/1/501672/100/0/threaded http://www.securityfocus.com/bid/34083 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 2EXPL: 0CVE-2005-3472
https://notcve.org/view.php?id=CVE-2005-3472
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files. • http://secunia.com/advisories/17395 http://securitytracker.com/id?1015135 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1 http://www.osvdb.org/20448 http://www.securityfocus.com/bid/15271 http://www.vupen.com/english/advisories/2005/2274 •