3 results (0.010 seconds)

CVSS: 4.3EPSS: 0%CPEs: 23EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruxados (XSS) en help jsp scripts en Sun Java Web Console v3.0.2 a la v3.0.5, y Sun Java Web Console en Solaris 10, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados. • http://secunia.com/advisories/35597 http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-262428-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020659.1-1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0

Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. Vulnerabilidad involuntaria de redirección en console/faces/jsp/login/BeginLogin.jsp en Sun Java Web Console v3.0.2 a v3.0.5 y Solaris 10 permite a atacantes remotos redirigir a los usuarios a sitios web de su elección y realizar ataques de phising a través del parámetro redirect_url. • http://sunsolve.sun.com/search/document.do?assetkey=1-21-125950-18-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125952-18-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-136987-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-243786-1 http://www.securityfocus.com/bid/32771 https://exchange.xforce.ibmcloud.com/vulnerabilities/47257 •

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. Vulnerabilidad no especificada en Sun Java Web Console 3.0.2, 3.0.3 y 3.0.4 permite a atacantes remotos evitar las restricciones de acceso planeadas y determinar la existencia de ficheros o directorios mediante vectores desconocidos. • http://secunia.com/advisories/29290 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1 http://www.securityfocus.com/bid/28155 http://www.securitytracker.com/id?1019574 http://www.vupen.com/english/advisories/2008/0806/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41069 •