Cross-Site Scripting Vulnerabilities in Sun Java System Access Manager
CVE-2007-0628
Currently unrated
Summary
Multiple cross-site scripting (XSS) vulnerabilities exist within Sun Java System Access Manager, specifically in versions 6.1, 6.2, 6 2005Q1, and 7 2005Q4. These weaknesses enable remote attackers to inject arbitrary web scripts or HTML via parameters such as 'goto' or 'gx-charset'. Exploiting these vulnerabilities can allow attackers to manipulate the content displayed to users, potentially leading to data theft, session hijacking, or further exploitation of user accounts.
References
Timeline
Vulnerability published
Vulnerability Reserved