Cross-Site Scripting Vulnerability in Sun Java System Messaging Server
CVE-2007-2904

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Messaging Server
Vendor: CVE Published:; 30 May 2007

What is CVE-2007-2904?

A Cross-Site Scripting (XSS) vulnerability exists in the Sun Java System Messaging Server versions 6.0 through 6.3 when accessed via Internet Explorer. This flaw allows remote attackers to inject arbitrary web scripts or HTML, potentially leading to unauthorized actions on behalf of users. The vulnerability may be linked to specific vectors that were not disclosed, with indications of being a related issue to a previously identified vulnerability.

References

http://www.securitytracker.com/id?1018106

vdb-entryx_refsource_SECTRACK

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://osvdb.org/38146

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 30, 2007
Vulnerability Reserved
May 29, 2007

Oracle

What is CVE-2007-2904?

References

Timeline