Search criteria
15 vulnerabilities found for java_system_communications_express by sun
CVE-2010-4456 (GCVE-0-2010-4456)
Vulnerability from nvd – Published: 2011-01-19 16:00 – Updated: 2024-08-07 03:43
VLAI
Summary
Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/70586 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2011/0157 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/45896 | vdb-entryx_refsource_BID |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/42990 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2011-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70586",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70586"
},
{
"name": "ADV-2011-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "sun-communications-webmail-unauth-access(64815)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
},
{
"name": "45896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "70586",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70586"
},
{
"name": "ADV-2011-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "sun-communications-webmail-unauth-access(64815)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
},
{
"name": "45896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70586",
"refsource": "OSVDB",
"url": "http://osvdb.org/70586"
},
{
"name": "ADV-2011-0157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "sun-communications-webmail-unauth-access(64815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
},
{
"name": "45896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45896"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2010-4456",
"datePublished": "2011-01-19T16:00:00.000Z",
"dateReserved": "2010-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1227 (GCVE-0-2010-1227)
Vulnerability from nvd – Published: 2010-04-01 22:00 – Updated: 2024-08-07 01:14
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/510154/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2011/0157 | vdb-entryx_refsource_VUPEN |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/42990 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100313 Sun Java System Communication Express CSRF via HPP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "ADV-2011-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100313 Sun Java System Communication Express CSRF via HPP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "ADV-2011-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100313 Sun Java System Communication Express CSRF via HPP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "ADV-2011-0157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1227",
"datePublished": "2010-04-01T22:00:00.000Z",
"dateReserved": "2010-04-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:14:06.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1729 (GCVE-0-2009-1729)
Vulnerability from nvd – Published: 2009-05-21 14:00 – Updated: 2024-08-07 05:20
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34155 | vdb-entryx_refsource_BID |
| http://osvdb.org/54609 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2009/1389 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/34154 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/503675/100… | mailing-listx_refsource_BUGTRAQ |
| http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisoryx_refsource_SUNALERT |
| http://seclists.org/fulldisclosure/2009/May/0177.html | mailing-listx_refsource_FULLDISC |
| http://sunsolve.sun.com/search/document.do?assetk… | x_refsource_CONFIRM |
| http://www.coresecurity.com/content/sun-communica… | x_refsource_MISC |
| http://secunia.com/advisories/32474 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/alerts/2009/May/1022266.html | vdb-entryx_refsource_SECTRACK |
| http://osvdb.org/54610 | vdb-entryx_refsource_OSVDB |
Date Public
2009-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34155"
},
{
"name": "54609",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54609"
},
{
"name": "ADV-2009-1389",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1389"
},
{
"name": "34154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34154"
},
{
"name": "communications-express-search-xss(50658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
},
{
"name": "258068",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/sun-communications-express"
},
{
"name": "32474",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32474"
},
{
"name": "1022266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2009/May/1022266.html"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34155"
},
{
"name": "54609",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54609"
},
{
"name": "ADV-2009-1389",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1389"
},
{
"name": "34154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34154"
},
{
"name": "communications-express-search-xss(50658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
},
{
"name": "258068",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/sun-communications-express"
},
{
"name": "32474",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32474"
},
{
"name": "1022266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2009/May/1022266.html"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54610"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34155"
},
{
"name": "54609",
"refsource": "OSVDB",
"url": "http://osvdb.org/54609"
},
{
"name": "ADV-2009-1389",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1389"
},
{
"name": "34154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34154"
},
{
"name": "communications-express-search-xss(50658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
},
{
"name": "258068",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
},
{
"name": "http://www.coresecurity.com/content/sun-communications-express",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/sun-communications-express"
},
{
"name": "32474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32474"
},
{
"name": "1022266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2009/May/1022266.html"
},
{
"name": "54610",
"refsource": "OSVDB",
"url": "http://osvdb.org/54610"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1729",
"datePublished": "2009-05-21T14:00:00.000Z",
"dateReserved": "2009-05-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:20:35.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0877 (GCVE-0-2009-0877)
Vulnerability from nvd – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://sosoblood.freehostia.com/SJSC/html_injection.gif | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/501672/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/34083 | vdb-entryx_refsource_BID |
| http://osvdb.org/52718 | vdb-entryx_refsource_OSVDB |
Date Public
2009-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
},
{
"name": "20090310 Sun Java System Communications Express [HTML Injection]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
},
{
"name": "34083",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34083"
},
{
"name": "52718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
},
{
"name": "20090310 Sun Java System Communications Express [HTML Injection]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
},
{
"name": "34083",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34083"
},
{
"name": "52718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sosoblood.freehostia.com/SJSC/html_injection.gif",
"refsource": "MISC",
"url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
},
{
"name": "20090310 Sun Java System Communications Express [HTML Injection]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
},
{
"name": "34083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34083"
},
{
"name": "52718",
"refsource": "OSVDB",
"url": "http://osvdb.org/52718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0877",
"datePublished": "2009-03-12T15:00:00.000Z",
"dateReserved": "2009-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:48:52.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3472 (GCVE-0-2005-3472)
Vulnerability from nvd – Published: 2005-11-03 02:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/20448 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/15271 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/2274 | vdb-entryx_refsource_VUPEN |
| http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisoryx_refsource_SUNALERT |
| http://secunia.com/advisories/17395 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1015135 | vdb-entryx_refsource_SECTRACK |
Date Public
2005-11-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:09.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20448"
},
{
"name": "15271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15271"
},
{
"name": "ADV-2005-2274",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2274"
},
{
"name": "101948",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
},
{
"name": "17395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17395"
},
{
"name": "1015135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-18T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20448"
},
{
"name": "15271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15271"
},
{
"name": "ADV-2005-2274",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2274"
},
{
"name": "101948",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
},
{
"name": "17395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17395"
},
{
"name": "1015135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20448",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20448"
},
{
"name": "15271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15271"
},
{
"name": "ADV-2005-2274",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2274"
},
{
"name": "101948",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
},
{
"name": "17395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17395"
},
{
"name": "1015135",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3472",
"datePublished": "2005-11-03T02:00:00.000Z",
"dateReserved": "2005-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:09.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2010-4456
Vulnerability from fkie_nvd - Published: 2011-01-19 17:00 - Updated: 2026-04-29 01:13
Severity
Summary
Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_communications_express | 6.2 | |
| sun | java_system_communications_express | 6.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB18998-F782-4B46-8993-6C24BC993FFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A472656-CEDB-4AE6-89DE-6686BB0F1EB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en Oracle Sun Java System Communications Express v6.2 y v6.3 permite a atacantes remotos afectar a la integridad a trav\u00e9s de vectores desconocidos relacionados con la Web de correo."
}
],
"id": "CVE-2010-4456",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-19T17:00:02.780",
"references": [
{
"source": "secalert_us@oracle.com",
"url": "http://osvdb.org/70586"
},
{
"source": "secalert_us@oracle.com",
"url": "http://secunia.com/advisories/42990"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.securityfocus.com/bid/45896"
},
{
"source": "secalert_us@oracle.com",
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"source": "secalert_us@oracle.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/70586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45896"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1227
Vulnerability from fkie_nvd - Published: 2010-04-01 22:30 - Updated: 2026-04-29 01:13
Severity
Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_communications_express | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A5BA7A-2B6E-43FC-B09E-F3D1786C047D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en Sun Java System Communications Express versiones 6.2 y 6.3, permite a los atacantes remotos inyectar script web o HTML arbitrario por medio del campo asunto de un mensaje, como es demostrado por un asunto que contiene un elemento IMG con un atributo SRC que realiza un ataque de tipo cross-site request forgery (CSRF) que involucra los par\u00e1metros cmd y argv en el archivo cmd.msc."
}
],
"id": "CVE-2010-1227",
"lastModified": "2026-04-29T01:13:23.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-04-01T22:30:00.420",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42990"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42990"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0157"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1729
Vulnerability from fkie_nvd - Published: 2009-05-21 14:30 - Updated: 2026-04-23 00:35
Severity
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_communications_express | 6.2 | |
| sun | java_system_communications_express | 6.3 | |
| sun | java_system_communications_express | 6.2 | |
| sun | java_system_communications_express | 6.3 | |
| sun | java_system_communications_express | 6.2 | |
| sun | java_system_communications_express | 6.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:6.2:*:sparc:*:*:*:*:*",
"matchCriteriaId": "FBA91911-ED19-46D7-971B-6EF9DA615B62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:6.3:*:sparc:*:*:*:*:*",
"matchCriteriaId": "B65186B3-C977-43F3-BBC8-EC5B34FCE0F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:6.2:*:x86:*:*:*:*:*",
"matchCriteriaId": "80691D37-4CB9-4923-A7CB-BF827D1FBA3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:6.3:*:x86:*:*:*:*:*",
"matchCriteriaId": "D5580EF9-DA16-42FE-B0C9-5525F38C6298",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:6.2:*:linux:*:*:*:*:*",
"matchCriteriaId": "A8E7C46B-2200-48A1-8E9F-EEA79AF6B298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:6.3:*:linux:*:*:*:*:*",
"matchCriteriaId": "B9EC75A9-17BB-4B21-B2C6-01FD9D2C1A12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en Sun Java System Communications Express 6 2005Q4 (tambi\u00e9n conocido como v6.2) y v6.3 que permite a los atacantes remotos inyectar arbitrariamente una secuencia de comandos web o HTML a trav\u00e9s del par\u00e1metro (1) abperson_displayName para uwc/abs/search.xml en la implementaci\u00f3n a\u00f1adir contacto en el componente libro de direcciones personales o el par\u00e1metros (2) temporaryCalendars para uwc/base/UWCMain."
}
],
"id": "CVE-2009-1729",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-21T14:30:00.483",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54609"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/54610"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32474"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/alerts/2009/May/1022266.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/sun-communications-express"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/34154"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/34155"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/1389"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/54610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/alerts/2009/May/1022266.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.coresecurity.com/content/sun-communications-express"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/34154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/34155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/1389"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-0877
Vulnerability from fkie_nvd - Published: 2009-03-12 15:20 - Updated: 2026-04-23 00:35
Severity
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_communications_express | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A5BA7A-2B6E-43FC-B09E-F3D1786C047D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de secuencias de comandos en sitios cruzados - XSS - en Sun Java System Communications Express que permite atacantes remotos inyectar una secuencia de comandos web o HTML a tra\u00b4ves del (1) Nombre completo o (2) campo asunto."
}
],
"id": "CVE-2009-0877",
"lastModified": "2026-04-23T00:35:47.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-03-12T15:20:49.907",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/52718"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/52718"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/34083"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3472
Vulnerability from fkie_nvd - Published: 2005-11-03 02:02 - Updated: 2026-04-16 00:27
Severity
Summary
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | java_system_communications_express | 2004q2 | |
| sun | java_system_communications_express | 2005q1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:2004q2:*:*:*:*:*:*:*",
"matchCriteriaId": "28D5E8CB-3378-4267-B8B5-ED8FC8332EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sun:java_system_communications_express:2005q1:*:*:*:*:*:*:*",
"matchCriteriaId": "79AEF095-3C38-4F6F-987D-557A0DC89FDE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
}
],
"id": "CVE-2005-3472",
"lastModified": "2026-04-16T00:27:16.627",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-03T02:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17395"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015135"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20448"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15271"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2274"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015135"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15271"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2274"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-4456 (GCVE-0-2010-4456)
Vulnerability from cvelistv5 – Published: 2011-01-19 16:00 – Updated: 2024-08-07 03:43
VLAI
Summary
Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://osvdb.org/70586 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2011/0157 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/45896 | vdb-entryx_refsource_BID |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/42990 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2011-01-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:43:14.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70586",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/70586"
},
{
"name": "ADV-2011-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "sun-communications-webmail-unauth-access(64815)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
},
{
"name": "45896",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45896"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "70586",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/70586"
},
{
"name": "ADV-2011-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "sun-communications-webmail-unauth-access(64815)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
},
{
"name": "45896",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45896"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2010-4456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to affect integrity via unknown vectors related to Web Mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70586",
"refsource": "OSVDB",
"url": "http://osvdb.org/70586"
},
{
"name": "ADV-2011-0157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "sun-communications-webmail-unauth-access(64815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64815"
},
{
"name": "45896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45896"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2010-4456",
"datePublished": "2011-01-19T16:00:00.000Z",
"dateReserved": "2010-12-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:43:14.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1227 (GCVE-0-2010-1227)
Vulnerability from cvelistv5 – Published: 2010-04-01 22:00 – Updated: 2024-08-07 01:14
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/510154/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.vupen.com/english/advisories/2011/0157 | vdb-entryx_refsource_VUPEN |
| http://www.oracle.com/technetwork/topics/security… | x_refsource_CONFIRM |
| http://secunia.com/advisories/42990 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2010-03-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:14:06.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100313 Sun Java System Communication Express CSRF via HPP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "ADV-2011-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42990"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-03-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100313 Sun Java System Communication Express CSRF via HPP",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "ADV-2011-0157",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42990"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Sun Java System Communications Express 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via the subject field of a message, as demonstrated by a subject containing an IMG element with a SRC attribute that performs a cross-site request forgery (CSRF) attack involving the cmd and argv parameters to cmd.msc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100313 Sun Java System Communication Express CSRF via HPP",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/510154/100/0/threaded"
},
{
"name": "ADV-2011-0157",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0157"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html"
},
{
"name": "42990",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42990"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1227",
"datePublished": "2010-04-01T22:00:00.000Z",
"dateReserved": "2010-04-01T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:14:06.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1729 (GCVE-0-2009-1729)
Vulnerability from cvelistv5 – Published: 2009-05-21 14:00 – Updated: 2024-08-07 05:20
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/34155 | vdb-entryx_refsource_BID |
| http://osvdb.org/54609 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2009/1389 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/bid/34154 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/503675/100… | mailing-listx_refsource_BUGTRAQ |
| http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisoryx_refsource_SUNALERT |
| http://seclists.org/fulldisclosure/2009/May/0177.html | mailing-listx_refsource_FULLDISC |
| http://sunsolve.sun.com/search/document.do?assetk… | x_refsource_CONFIRM |
| http://www.coresecurity.com/content/sun-communica… | x_refsource_MISC |
| http://secunia.com/advisories/32474 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/alerts/2009/May/1022266.html | vdb-entryx_refsource_SECTRACK |
| http://osvdb.org/54610 | vdb-entryx_refsource_OSVDB |
Date Public
2009-05-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:20:35.171Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "34155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34155"
},
{
"name": "54609",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54609"
},
{
"name": "ADV-2009-1389",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/1389"
},
{
"name": "34154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34154"
},
{
"name": "communications-express-search-xss(50658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
},
{
"name": "258068",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.coresecurity.com/content/sun-communications-express"
},
{
"name": "32474",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32474"
},
{
"name": "1022266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/alerts/2009/May/1022266.html"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54610"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-05-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "34155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34155"
},
{
"name": "54609",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54609"
},
{
"name": "ADV-2009-1389",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/1389"
},
{
"name": "34154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34154"
},
{
"name": "communications-express-search-xss(50658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
},
{
"name": "258068",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.coresecurity.com/content/sun-communications-express"
},
{
"name": "32474",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32474"
},
{
"name": "1022266",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/alerts/2009/May/1022266.html"
},
{
"name": "54610",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54610"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34155"
},
{
"name": "54609",
"refsource": "OSVDB",
"url": "http://osvdb.org/54609"
},
{
"name": "ADV-2009-1389",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1389"
},
{
"name": "34154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34154"
},
{
"name": "communications-express-search-xss(50658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50658"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503675/100/0/threaded"
},
{
"name": "258068",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-258068-1"
},
{
"name": "20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/May/0177.html"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1"
},
{
"name": "http://www.coresecurity.com/content/sun-communications-express",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/sun-communications-express"
},
{
"name": "32474",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32474"
},
{
"name": "1022266",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2009/May/1022266.html"
},
{
"name": "54610",
"refsource": "OSVDB",
"url": "http://osvdb.org/54610"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1729",
"datePublished": "2009-05-21T14:00:00.000Z",
"dateReserved": "2009-05-20T00:00:00.000Z",
"dateUpdated": "2024-08-07T05:20:35.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0877 (GCVE-0-2009-0877)
Vulnerability from cvelistv5 – Published: 2009-03-12 15:00 – Updated: 2024-08-07 04:48
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://sosoblood.freehostia.com/SJSC/html_injection.gif | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/501672/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/34083 | vdb-entryx_refsource_BID |
| http://osvdb.org/52718 | vdb-entryx_refsource_OSVDB |
Date Public
2009-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:48:52.619Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
},
{
"name": "20090310 Sun Java System Communications Express [HTML Injection]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
},
{
"name": "34083",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34083"
},
{
"name": "52718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/52718"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
},
{
"name": "20090310 Sun Java System Communications Express [HTML Injection]",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
},
{
"name": "34083",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34083"
},
{
"name": "52718",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/52718"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express allow remote attackers to inject arbitrary web script or HTML via the (1) Full Name or (2) Subject field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sosoblood.freehostia.com/SJSC/html_injection.gif",
"refsource": "MISC",
"url": "http://sosoblood.freehostia.com/SJSC/html_injection.gif"
},
{
"name": "20090310 Sun Java System Communications Express [HTML Injection]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501672/100/0/threaded"
},
{
"name": "34083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34083"
},
{
"name": "52718",
"refsource": "OSVDB",
"url": "http://osvdb.org/52718"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0877",
"datePublished": "2009-03-12T15:00:00.000Z",
"dateReserved": "2009-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:48:52.619Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3472 (GCVE-0-2005-3472)
Vulnerability from cvelistv5 – Published: 2005-11-03 02:00 – Updated: 2024-08-07 23:10
VLAI
Summary
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.osvdb.org/20448 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/bid/15271 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/2274 | vdb-entryx_refsource_VUPEN |
| http://sunsolve.sun.com/search/document.do?assetk… | vendor-advisoryx_refsource_SUNALERT |
| http://secunia.com/advisories/17395 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1015135 | vdb-entryx_refsource_SECTRACK |
Date Public
2005-11-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:09.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20448"
},
{
"name": "15271",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15271"
},
{
"name": "ADV-2005-2274",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2274"
},
{
"name": "101948",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
},
{
"name": "17395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17395"
},
{
"name": "1015135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015135"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-18T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20448",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20448"
},
{
"name": "15271",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15271"
},
{
"name": "ADV-2005-2274",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2274"
},
{
"name": "101948",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
},
{
"name": "17395",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17395"
},
{
"name": "1015135",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015135"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3472",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20448",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20448"
},
{
"name": "15271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15271"
},
{
"name": "ADV-2005-2274",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2274"
},
{
"name": "101948",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101948-1"
},
{
"name": "17395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17395"
},
{
"name": "1015135",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015135"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3472",
"datePublished": "2005-11-03T02:00:00.000Z",
"dateReserved": "2005-11-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:10:09.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}