CVE-2006-5652: XSS
First published: Fri Nov 03 2006(Updated: )
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sun iPlanet Messaging Server Messenger Express |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2006-5652?
CVE-2006-5652 has been classified with a moderate severity level due to its cross-site scripting (XSS) nature.
How do I fix CVE-2006-5652?
To fix CVE-2006-5652, it is recommended to update the Sun iPlanet Messaging Server Messenger Express to the latest version that addresses this vulnerability.
What type of attack does CVE-2006-5652 involve?
CVE-2006-5652 involves a cross-site scripting (XSS) attack that allows remote attackers to inject arbitrary web scripts.
What software is affected by CVE-2006-5652?
CVE-2006-5652 affects Sun iPlanet Messaging Server Messenger Express.
Is CVE-2006-5652 easily exploitable?
Yes, CVE-2006-5652 is considered easily exploitable by attackers who can craft specific web requests.
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/references
- agent/description
- vendor/sun
- canonical/sun iplanet messaging server messenger express