Cross-site Scripting Vulnerability in Sun Java System Messaging Server
CVE-2006-5486

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Messaging Server; Iplanet Messaging Server
Vendor: CVE Published:; 24 October 2006

What is CVE-2006-5486?

A cross-site scripting (XSS) vulnerability exists in the Webmail component of the Sun Java System Messaging Server and the iPlanet Messaging Server. This flaw permits remote attackers to inject and execute arbitrary JavaScript code through specially crafted email messages. Effective exploitation can lead to unauthorized actions being performed on behalf of users, potentially jeopardizing sensitive data and compromising the integrity of session tokens.

References

http://www.securityfocus.com/bid/20708

vdb-entryx_refsource_BID

http://securitytracker.com/id?1017113

vdb-entryx_refsource_SECTRACK

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

Timeline

Vulnerability published
Oct 24, 2006
Vulnerability Reserved
Oct 24, 2006

Oracle

What is CVE-2006-5486?

References

Timeline