CVE-2006-3225 - Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java Syste

CVE-2006-3225

Summary

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

References

Vulnerable Configurations

cpe:2.3:a:sun:java_system_application_server:*:ur4:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_application_server:*:ur4:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*
cpe:2.3:a:sun:java_system_application_server:8.1:*:enterprise:*:*:*:*:*
cpe:2.3:a:sun:one_application_server:*:update_8:*:*:*:*:*:*
cpe:2.3:a:sun:one_application_server:*:update_8:*:*:*:*:*:*

CVSS

Base:	2.6 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:H/Au:N/C:N/I:P/A:N

refmap via4

bid	18635
sectrack	1016378
secunia	20835
sunalert	102479
vupen	ADV-2006-2508
xf	sun-java-parameters-xss(27392)

Last major update

20-07-2017 - 01:32

Published

26-06-2006 - 16:05

Last modified

20-07-2017 - 01:32