CVE-2006-5486

Sun Java System Messaging Server 6.0-6.2 and iPlanet Messaging Server 5.2 - Cross-Site Scripting via Crafted Messages

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System Messaging Server 6.0 through 6.2 and iPlanet Messaging Server 5.2 allows remote attackers to execute arbitrary Javascript via crafted messages.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20708
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017113
Patch, Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102497-1
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22575
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4183
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29806

Scores

EPSS 0.0055
EPSS Percentile 68.1%

Details

CWE
CWE-79
Status published
Products (4)
sun/iplanet_messaging_server 5.2
sun/java_system_messaging_server 6.0
sun/java_system_messaging_server 6.1
sun/java_system_messaging_server 6.2
Published Oct 24, 2006
Tracked Since Feb 18, 2026