XSS Vulnerability in iPlanet Web Server 4.x from Sun Microsystems
CVE-2007-0183

Currently unrated

Key Information:

Vendor: Oracle
Status: Iplanet Web Server
Vendor: CVE Published:; 12 January 2007

Summary

A cross-site scripting (XSS) vulnerability exists in the iPlanet Web Server 4.x, allowing remote attackers to inject arbitrary web script or HTML code via the NS-max-records parameter in the /search functionality. This flaw can expose users to potential malware or phishing attacks if exploited, as it may allow the attacker to manipulate web content and steal sensitive information.

References

http://osvdb.org/32662

vdb-entryx_refsource_OSVDB

http://www.securityfocus.com/bid/21977

vdb-entryx_refsource_BID

http://secunia.com/advisories/23605

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 12, 2007
Vulnerability Reserved
Jan 10, 2007