Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Title Sun Alert 262428 Cross-site Scripting (XSS) Security Vulnerability in Sun Java Web Console May Allow Execution of Arbitrary Code
Name SUN-262428 First vendor Publication 2009-06-26
Vendor Sun Last vendor Modification 2009-07-08
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: Sun Java Web Console

Multiple Cross-Site Scripting (XSS) vulnerabilities in Sun Java Web Console may allow a local or remote unprivileged user to execute arbitrary scripting code within a user's browsing session.

Sun acknowledges with thanks, Luca Carettoni for bringing these issues to our attention.

State: Resolved
First released: 26-Jun-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_262428_cross_site

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Application 21
Os 2

OpenVAS Exploits

Date Description
2009-07-09 Name : Sun Java Web Console Multiple XSS Vulnerabilities
File : nvt/gb_sun_java_web_console_xss_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
55518 Sun Java Web Console Unspecified XSS

Nessus® Vulnerability Scanner

Date Description
2009-07-02 Name : The remote web application has multiple cross-site scripting vulnerabilities.
File : sun_java_web_console_helpwindow_xss.nasl - Type : ACT_ATTACK
2008-03-17 Name : The remote host is missing Sun Security Patch number 136987-03
File : solaris8_136987.nasl - Type : ACT_GATHER_INFO