Multiple Cross-Site Scripting Vulnerabilities in Sun Java Web Console
CVE-2009-2283

Currently unrated

Key Information:

Vendor: Oracle
Status: Java Web Console; Solaris
Vendor: CVE Published:; 1 July 2009

Summary

The Sun Java Web Console has multiple vulnerabilities that allow remote attackers to inject and execute arbitrary web scripts or HTML. This is due to improper handling of input in help JSP scripts across several versions, including 3.0.2 through 3.0.5, as well as the version included in Solaris 10. Exploitation of these vulnerabilities could lead to unauthorized actions being performed by users or confidential data exposure.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/35597

third-party-advisoryx_refsource_SECUNIA

http://sunsolve.sun.com/search/document.do?assetkey=1-77-...

vendor-advisoryx_refsource_SUNALERT

Timeline

Vulnerability published
Jul 1, 2009
Vulnerability Reserved
Jul 1, 2009