CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-4187
https://notcve.org/view.php?id=CVE-2009-4187
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el componente Gateway en Sun Java System Portal Server v6.3.1, v7.1, y v7.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria. • http://securitytracker.com/id?1023260 http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-269368-1 http://www.securityfocus.com/bid/37186 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0CVE-2009-1796
https://notcve.org/view.php?id=CVE-2009-1796
Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Sun Java System Portal Server v6.3.1, v7.1, y v7.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores relacionados con una pagina de error. • http://osvdb.org/54705 http://secunia.com/advisories/35221 http://sunsolve.sun.com/search/document.do?assetkey=1-21-118950-38-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-256588-1 http://www.securityfocus.com/bid/35082 http://www.securitytracker.com/id?1022273 http://www.vupen.com/english/advisories/2009/1411 https://exchange.xforce.ibmcloud.com/vulnerabilities/50704 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2008-6192
https://notcve.org/view.php?id=CVE-2008-6192
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en Portlets no especificados en Sun Java System Portal Server 7.0 y 7.1 que permite a los atacantes remotos inyectar arbitrariamente secuencias de comandos web o HTML a través de vectores desconocidos. • http://secunia.com/advisories/31538 http://sunsolve.sun.com/search/document.do?assetkey=1-26-239308-1 http://www.securityfocus.com/bid/30738 http://www.securitytracker.com/id?1020706 http://www.vupen.com/english/advisories/2008/2404 https://exchange.xforce.ibmcloud.com/vulnerabilities/44531 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2007-4289
https://notcve.org/view.php?id=CVE-2007-4289
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715. El Sun Java System Portal Server 7.0 no procesa correctamente las hojas de estilo XSLT en las transformaciones XSLT de las firmas XSLT, lo que permite a atacantes depedientes del contexto, ejecutar métodos Java de su elección a través de hojas de estilo modificadas. Vulnerabilidad relacionada con la CVE-2007-3715. • http://secunia.com/advisories/26327 http://securitytracker.com/id?1018513 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103015-1 http://www.isecpartners.com/advisories/2007-04-dsig.txt http://www.isecpartners.com/files/XMLDSIG_Command_Injection.pdf http://www.securityfocus.com/archive/1/473553/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/35811 •