Cross-Site Scripting Vulnerability in Sun ONE Application Server and Java Systems
CVE-2006-3225

Currently unrated

Key Information:

Vendor: Oracle
Status: One Application Server; Java System Application Server
Vendor: CVE Published:; 26 June 2006

What is CVE-2006-3225?

This vulnerability allows remote attackers to inject arbitrary HTML or web scripts into affected installations of Sun ONE Application Server and Java System Application Server. The exploitation of this flaw can lead to unauthorized access, data theft, or manipulation of web content. The vulnerability exists due to insufficient validation of user-supplied inputs, making it essential for users to apply the latest updates to mitigate potential risks.

References

http://secunia.com/advisories/20835

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/18635

vdb-entryx_refsource_BID

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 26, 2006
Vulnerability Reserved
Jun 26, 2006

Oracle

What is CVE-2006-3225?

References

Timeline