CVE-2008-0239

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Identity Manager
Vendor: CVE Published:; 11 January 2008

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.

References

http://www.securityfocus.com/archive/1/486076/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.procheckup.com/Vulnerability_PR07-07.php

x_refsource_MISC

http://www.procheckup.com/Vulnerability_PR07-06.php

x_refsource_MISC

EPSS Score

17% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 11, 2008
Vulnerability Reserved
Jan 11, 2008