Multiple Cross-Site Scripting Vulnerabilities in Sun Java System Communications Express
CVE-2009-0877

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Communications Express
Vendor: CVE Published:; 12 March 2009

Summary

Multiple cross-site scripting vulnerabilities have been identified in Sun Java System Communications Express. These vulnerabilities enable remote attackers to inject arbitrary web scripts or HTML into affected instances, primarily through the Full Name or Subject fields. Exploitation of these flaws could lead to unauthorized actions executed in the context of an authenticated user, potentially compromising sensitive data and overall system integrity. It is essential for organizations using this product to be aware of these risks and implement necessary security measures.

References

http://sosoblood.freehostia.com/SJSC/html_injection.gif

x_refsource_MISC

http://www.securityfocus.com/archive/1/501672/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/34083

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Mar 12, 2009
Vulnerability Reserved
Mar 12, 2009