Description
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (4)
Core 4
Core References
Patch x_refsource_confirm
http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35651
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1
Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1
Scores
EPSS
0.0027
EPSS Percentile
51.0%
Details
CWE
CWE-79
Status
published
Products (6)
sun/java_system_access_manager
6
sun/java_system_access_manager
6.0_2005q1 (7 CPE variants)
sun/java_system_access_manager
7.0
sun/java_system_access_manager
7.0_2005q4 (5 CPE variants)
sun/java_system_access_manager
7.1 (9 CPE variants)
sun/java_system_access_manager
7_2005q4 (3 CPE variants)
Published
Jul 01, 2009
Tracked Since
Feb 18, 2026