Cross-site Scripting Vulnerability in Sun Application Servers and Web Server
CVE-2003-0413
Currently unrated
Summary
The vulnerability allows attackers to exploit the webapps-simple sample application on the Sun ONE Application Server and Sun Java System Web Server. By crafting an HTTP request that prompts an 'Invalid JSP file' error, attackers can inject arbitrary web script or HTML into the response. This could lead to the execution of malicious scripts in the context of the user's browser, compromising user data and potentially leading to further attacks.
References
Timeline
Vulnerability published
Vulnerability Reserved