Published: 03/11/2006 Updated: 17/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote malicious users to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun iplanet messaging server messenger express

source: wwwsecurityfocuscom/bid/20838/info iPlanet Messaging Server Messenger Express is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data An attacker can exploit this issue to execute arbitrary JavaScript in the victim's browser <IMG style="width: expression(alert('expression')); ...

NVD-CWE-Other http://www.securityfocus.com/bid/20838 http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html http://securityreason.com/securityalert/1806 https://exchange.xforce.ibmcloud.com/vulnerabilities/29929 http://www.securityfocus.com/archive/1/450184/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/28890/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-5652

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect