Cross-Site Scripting Vulnerability in Sun Java System Portal Server
CVE-2009-1796

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Portal Server
Vendor: CVE Published:; 26 May 2009

Summary

A cross-site scripting (XSS) vulnerability exists in Sun Java System Portal Server versions 6.3.1, 7.1, and 7.2, enabling remote attackers to inject arbitrary web scripts or HTML through manipulated error pages. This flaw allows attackers to compromise user interactions with the web application, potentially leading to the theft of sensitive information, unauthorized actions, or further exploitation of users' sessions.

References

http://osvdb.org/54705

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2009/1411

vdb-entryx_refsource_VUPEN

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

Timeline

Vulnerability published
May 26, 2009
Vulnerability Reserved
May 26, 2009