CVE-2004-2765

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 50.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Iplanet Messaging Server SUN ONE Messaging Server

Timeline

PublishedJan 28

Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDsun/iplanet_messaging_server5.2

▶NVDsun/one_messaging_server6.1

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-547m-mqmc-2jqg: Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6↗2022-04-29

▶

CVEList

CVE-2004-2765: Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6↗2010-01-28

▶