CVE-2008-0240

SUN Java System Identity Manager - XSS

Title source: rule

Description

/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."

Exploits (1)

exploitdb WRITEUP VERIFIED

by Jan Fry & Adrian Pastor · textwebappsjsp

https://www.exploit-db.com/exploits/31006

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://secunia.com/advisories/28356

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-26-103180-1

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-66-200558-1

[Exploit, Patch] http://www.procheckup.com/Vulnerability_PR07-10.php

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39586

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/486076/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27214

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0089

[Third Party Advisory] http://securityreason.com/securityalert/3535

Scores

EPSS 0.0736

EPSS Percentile 91.6%

Classification

CWE

CWE-79

Status draft

Affected Products (5)

sun/java_system_identity_manager

Timeline

Published Jan 11, 2008

Tracked Since Feb 18, 2026