CVE-2004-2765
Sun iPlanet and ONE Messaging Server - Cross-Site Scripting via Crafted Email Message
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
References (2)
Core 2
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201601-1
Patch x_refsource_confirm
http://sunsolve.sun.com/search/document.do?assetkey=1-21-116568-56-1
Scores
EPSS
0.0026
EPSS Percentile
49.6%
Details
CWE
CWE-79
Status
published
Products (2)
sun/iplanet_messaging_server
5.2
sun/one_messaging_server
6.1
Published
Jan 28, 2010
Tracked Since
Feb 18, 2026