Vulnerability Description
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Iplanet Messaging Server Messenger Express | All versions |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html
- http://securityreason.com/securityalert/1806
- http://www.securityfocus.com/archive/1/450184/100/0/threaded
- http://www.securityfocus.com/bid/20838Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29929
- http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html
- http://securityreason.com/securityalert/1806
- http://www.securityfocus.com/archive/1/450184/100/0/threaded
- http://www.securityfocus.com/bid/20838Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29929
FAQ
What is CVE-2006-5652?
CVE-2006-5652 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) functi...
How severe is CVE-2006-5652?
CVE-2006-5652 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-5652?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Iplanet Messaging Server Messenger Express.