CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2008-1204
https://notcve.org/view.php?id=CVE-2008-1204
Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en la Consola de Administración en Sun Java System Access Manager 7.1 y 7 2005Q4 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su eleccción a través de vectores no especificados relacionados con las ventanas de (1) Ayuda y (2) Versión. • http://secunia.com/advisories/29252 http://sunsolve.sun.com/search/document.do?assetkey=1-26-201251-1 http://www.securityfocus.com/bid/28113 http://www.vupen.com/english/advisories/2008/0784 https://exchange.xforce.ibmcloud.com/vulnerabilities/41024 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 35%CPEs: 5EXPL: 7CVE-2008-0239 – Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0239
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Identity Manager 6.0 SP1 hasta SP3, 7.0, y 7.1 permiten a atacantes remotos inyectar, a su elección, códigos web o HTML, usando (1) los parámetros cntry o lang pasados a /idm/login.jsp, (2) el parámetro resultsForm pasado a /idm/account/findForSelect.jsp, o (3) el parámetro activeControl pasado a /idm/user/main.jsp. • https://www.exploit-db.com/exploits/31005 https://www.exploit-db.com/exploits/31004 https://www.exploit-db.com/exploits/31007 http://secunia.com/advisories/28356 http://securityreason.com/securityalert/3535 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1 http://www.procheckup.com/Vulnerability_PR07-06.php http://www.procheckup.com/Vulnerability_PR07-07.php http://www.procheckup.com/Vulnerability& • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 1%CPEs: 5EXPL: 2CVE-2008-0240 – Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/help/index.jsp?helpUrl' Remote Frame Injection
https://notcve.org/view.php?id=CVE-2008-0240
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection." El fichero /idm/help/index.jsp en Sun Java System Identity Manager 6.0 SP1 hasta SP3, 7.0, y 7.1 permite que atacantes remotos inyecten marcos desde cualquier sitio web, y lleven a cabo ataques de phising a través del parámetro helpUrl, también conocido como "inyección de marco". • https://www.exploit-db.com/exploits/31006 http://secunia.com/advisories/28356 http://securityreason.com/securityalert/3535 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1 http://www.procheckup.com/Vulnerability_PR07-10.php http://www.securityfocus.com/archive/1/486076/100/0/threaded http://www.securityfocus.com/bid/27214 http://www.vupen.com/english/advisories/2008/0089 https://exchange.xfo • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 1%CPEs: 5EXPL: 1CVE-2008-0241
https://notcve.org/view.php?id=CVE-2008-0241
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. Una vulnerabilidad de redireccionamiento abierto en el archivo /idm/user/login.jsp en Sun Java System Identity Manager versión 6.0 SP1 hasta SP3, versiones 7.0 y 7.1, permite a atacantes remotos redireccionar a los usuarios a sitios web arbitrarios y conducir ataques de phishing por medio de una URL en el parámetro nextPage. • http://secunia.com/advisories/28356 http://securityreason.com/securityalert/3535 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1 http://www.procheckup.com/Vulnerability_PR07-12.php http://www.securityfocus.com/archive/1/486076/100/0/threaded http://www.securityfocus.com/bid/27214 http://www.vupen.com/english/advisories/2008/0089 https://exchange.xforce.ibmcloud.com/vulnerabilities/39590 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 20EXPL: 0CVE-2007-6569
https://notcve.org/view.php?id=CVE-2007-6569
Cross-site scripting (XSS) vulnerability in the View Error Log functionality in Sun Java System Web Proxy Server 4.x before 4.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566246. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la funcionalidad View Error Log (Ver Registro de Errores) en Sun Java System Web Proxy Server 4.x anterior a 4.0.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de vectores no especificados, también conocido como BugID 6566246. • http://docs.sun.com/app/docs/doc/820-2499/aeaaa?a=view http://secunia.com/advisories/28186 http://secunia.com/advisories/28216 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103002-1 http://www.securityfocus.com/bid/26978 http://www.vupen.com/english/advisories/2007/4313 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •