CVE-2009-2268

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
VendorProductVersion
sunjava_system_access_manager
6.0_2005q1:_2005q1
sunjava_system_access_manager
6.0_2005q1:_2005q1
sunjava_system_access_manager
6.0_2005q1:_2005q1
sunjava_system_access_manager
6.0_2005q1:_2005q1
sunjava_system_access_manager
6.0_2005q1:_2005q1
sunjava_system_access_manager
6.0_2005q1:_2005q1
sunjava_system_access_manager
6.0_2005q1:_2005q1
sunjava_system_access_manager
7.0
sunjava_system_access_manager
7.0_2005q4:_2005q4
sunjava_system_access_manager
7.0_2005q4:_2005q4
sunjava_system_access_manager
7.0_2005q4:_2005q4
sunjava_system_access_manager
7.0_2005q4:_2005q4
sunjava_system_access_manager
7.0_2005q4:_2005q4
sunjava_system_access_manager
7.1
sunjava_system_access_manager
7.1
sunjava_system_access_manager
7.1
sunjava_system_access_manager
7.1
sunjava_system_access_manager
7.1
sunjava_system_access_manager
7.1
sunjava_system_access_manager
7.1
sunjava_system_access_manager
7.1
sunjava_system_access_manager
7.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35651
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1
http://secunia.com/advisories/35651
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1