CVE-2009-2268

Sun Java System Access Manager - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (4)

[Vendor Advisory] http://secunia.com/advisories/35651

[Patch] http://sunsolve.sun.com/search/document.do?assetkey=1-21-126356-03-1

[Patch, Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-66-256568-1

[Vendor Advisory] http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020343.1-1

Scores

EPSS 0.0027

EPSS Percentile 50.7%

Classification

CWE

CWE-79

Status published

Affected Products (27)

sun/java_system_access_manager

... and 12 more

Timeline

Published Jul 01, 2009

Tracked Since Feb 18, 2026