[2/5] Sun Java System Identity Manager Unspecified Cross-Site Scripting

January 10th, 2008 by

[2/5] Sun Java System Identity Manager Unspecified Cross-Site Scripting

:Some vulnerabilities have been reported in Sun Java System Identity Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.Input passed to unspecified parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.The vulnerability is reported in Sun Java System Identity Manager 6.0 (including SP1, SP2, SP3), 7.0, and 7.1.Solution:A final resolution is pending completion.Do not follow links from untrusted sources.Provided and/or discovered by:The vendor credits Adrian Pastor and Jan Fry of ProCheckUp Ltd.Original Advisory:http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1

Original post by amit

[2/5] Sun Java System Identity Manager Unspecified Cross-Site Scripting

Related Articles:

[2/5] Sun Java System Access Manager Cross-Site Scripting Vulnerability

[2/5] Sun Java System Identity Manager Cross-Site Scripting Vulnerabilities

[2/5] Sun Java Server Faces Input Handling Cross-Site Scripting

[3/5] Sun Java System Access Manager Two Security Issues

[2/5] HP Select Identity Multiple Unspecified Vulnerabilities

Posted in Advisories - Exploits | | [2/5] Sun Java System Identity Manager Unspecified Cross-Site Scripting

<< [3/5] McAfee E-Business Server Authentication Packet Handling Vulnerability | [3/5] Red Hat update for libxml2 >>

Cybertrion Systems

[2/5] Sun Java System Identity Manager Unspecified Cross-Site Scripting

Categories

Archives:

Search:

Meta: