Description
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1023260
Patch x_refsource_confirm
http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-04-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37186
Patch, Vendor Advisory vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-66-269368-1
Scores
EPSS
0.0018
EPSS Percentile
38.9%
Details
CWE
CWE-79
Status
published
Products (3)
sun/java_system_portal_server
7.1 (2 CPE variants)
sun/java_system_portal_server
7.2 (2 CPE variants)
sun/java_system_portal_server
6.3.1 (2 CPE variants)
Published
Dec 03, 2009
Tracked Since
Feb 18, 2026