CVE-2005-2022 — Cross-site Scripting in Iplanet Messaging Server

CWE-79 — Cross-site Scripting CWE-327 — Use of a Broken or Risky Cryptographic Algorithm CWE-347 — Improper Verification of Cryptographic Signature CWE-2646 documents5 sources

Severity

4.3MEDIUMNVD

GHSA5.0CISA9.8CISA7.8

EPSS

0.3%

top 42.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Iplanet Messaging Server SUN ONE Messaging Server

Timeline

PublishedJun 17

Latest updateOct 6

Description

Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDsun/iplanet_messaging_server5.2

▶NVDsun/one_messaging_server6.2

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

SIF's Digital Signature Hash Algorithms Not Validated↗2022-10-06

▶

GHSA

GHSA-c86q-px74-v8w3: Unknown vulnerability in Webmail in iPlanet Messaging Server 5↗2022-05-01

▶

CVEList

CVE-2005-2022: Unknown vulnerability in Webmail in iPlanet Messaging Server 5↗2005-06-21

▶

📋Vendor Advisories

CISA

Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability↗2022-03-28

▶

CISA

HP OpenView Network Node Manager Remote Code Execution Vulnerability↗2022-03-25

▶