4.3
CVE-2006-5652
- EPSS 1.64%
- Veröffentlicht 03.11.2006 00:07:00
- Zuletzt bearbeitet 16.06.2026 22:31:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.64% | 0.732 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html
http://securityreason.com/securityalert/1806
http://www.securityfocus.com/archive/1/450184/100/0/threaded
http://www.securityfocus.com/bid/20838
https://exchange.xforce.ibmcloud.com/vulnerabilities/29929