Published: 21/05/2009 Updated: 10/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote malicious users to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sun java system communications express 6.3
sun java system communications express 6.2

Core Security Technologies Advisory - Several cross site scripting vulnerabilities were found in the following files/urls of the Sun Java System Communications Express system ...

source: wwwsecurityfocuscom/bid/34155/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data This issue is tracked by Sun Alert ID 258068 An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspect ...

source: wwwsecurityfocuscom/bid/34154/info Sun Java System Communications Express is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site T ...

CWE-79 http://www.securityfocus.com/bid/34155 http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1 http://www.securityfocus.com/bid/34154 http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1 http://www.coresecurity.com/content/sun-communications-express http://secunia.com/advisories/32474 http://www.vupen.com/english/advisories/2009/1389 http://securitytracker.com/alerts/2009/May/1022266.html http://seclists.org/fulldisclosure/2009/May/0177.html http://osvdb.org/54610 http://osvdb.org/54609 https://exchange.xforce.ibmcloud.com/vulnerabilities/50658 http://www.securityfocus.com/archive/1/503675/100/0/threaded https://nvd.nist.gov https://packetstormsecurity.com/files/77704/Core-Security-Technologies-Advisory-2009.0109.html https://www.exploit-db.com/exploits/32864/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1729

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect