Vendor: Java System Identity Manager
By: SecurityFocus
CVSS: 7.5 (HIGH)
HTML-injection and cross-site scripting
CWE: 79, 80
Product Name: Java System Identity Manager
Affected Version From: 6.0 SP1
Affected Version To: 7.1
Patch Exists: YES
Related CWE: N/A
CPE: a:sun:java_system_identity_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2007
Sun Java System Identity Manager Multiple Input Validation Vulnerabilities
Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied input. Attackers can exploit these issues to execute arbitrary HTML and script code in the context of the affected site. Successful exploits could allow an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Mitigation:
Input validation should be used to ensure that untrusted data is not allowed to enter the system. Additionally, users should be aware of the risks posed by untrusted data and should exercise caution when handling it.