Back to search
CVE-2009-1729
Published: May 21, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
34155
vdb-entry
x_refsource_BID
54609
vdb-entry
x_refsource_OSVDB
ADV-2009-1389
vdb-entry
x_refsource_VUPEN
34154
vdb-entry
x_refsource_BID
communications-express-search-xss(50658)
vdb-entry
x_refsource_XF
20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express
mailing-list
x_refsource_BUGTRAQ
258068
vendor-advisory
x_refsource_SUNALERT
20090520 CORE-2009-0109 - Multiple XSS in Sun Communications Express
mailing-list
x_refsource_FULLDISC
http://sunsolve.sun.com/search/document.do?assetkey=1-21-122793-26-1
x_refsource_CONFIRM
http://www.coresecurity.com/content/sun-communications-express
x_refsource_MISC
32474
third-party-advisory
x_refsource_SECUNIA
1022266
vdb-entry
x_refsource_SECTRACK
54610
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now