CVE-2009-0877
Sun Java System Communications Express - Cross-Site Scripting via Full Name or Subject Field
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
References (4)
Core 4
Core References
Exploit x_refsource_misc
http://sosoblood.freehostia.com/SJSC/html_injection.gif
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/501672/100/0/threaded
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34083
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/52718
Scores
EPSS
0.0025
EPSS Percentile
48.7%
Details
CWE
CWE-79
Status
published
Products (1)
sun/java_system_communications_express
Published
Mar 12, 2009
Tracked Since
Feb 18, 2026