Cross-Site Scripting Vulnerability in Sun ONE Messaging Server and iPlanet Messaging Server
CVE-2004-2765

Currently unrated

Key Information:

Vendor: Oracle
Status: Iplanet Messaging Server
Vendor: CVE Published:; 28 January 2010

Summary

A cross-site scripting (XSS) vulnerability exists in the Webmail component of the Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 configurations prior to 5.2hf2.02. This security flaw occurs when users access the service using Internet Explorer. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML code through specially crafted email messages, potentially compromising user sessions or delivering malicious content.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://sunsolve.sun.com/search/document.do?assetkey=1-21-...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jan 28, 2010