CVE-2008-0239
SUN Java System Identity Manager - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Jan Fry & Adrian Pastor · textwebappsjsp
https://www.exploit-db.com/exploits/31004
exploitdb
WRITEUP
VERIFIED
by Jan Fry & Adrian Pastor · textwebappsjsp
https://www.exploit-db.com/exploits/31005
exploitdb
WRITEUP
VERIFIED
by Jan Fry & Adrian Pastor · textwebappsjsp
https://www.exploit-db.com/exploits/31007
References (16)
Scores
EPSS
0.0955
EPSS Percentile
92.7%
Classification
CWE
CWE-79
Status
draft
Affected Products (5)
sun/java_system_identity_manager
sun/java_system_identity_manager
sun/java_system_identity_manager
sun/java_system_identity_manager
sun/java_system_identity_manager
Timeline
Published
Jan 11, 2008
Tracked Since
Feb 18, 2026