CVE-2004-2765

SUN Iplanet Messaging Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.

References (2)

[Patch] http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-56-1

[Patch, Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-66-201601-1

Scores

EPSS 0.0026

EPSS Percentile 49.4%

Classification

CWE

CWE-79

Status published

Affected Products (3)

sun/iplanet_messaging_server

sun/one_messaging_server

n/a/n/a

Timeline

Published Jan 28, 2010

Tracked Since Feb 18, 2026