CVE-2006-3225

3 documents3 sources

Severity

2.6LOW

EPSS

0.7%

top 28.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Java System Application Server SUN ONE Application Server

Timeline

PublishedJun 26

Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages2 packages

▶NVDsun/java_system_application_server7.0+1

▶NVDsun/one_application_server7.0

🔴Vulnerability Details

GHSA

GHSA-xc8r-vcf9-cfpr: Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and↗2022-05-01

▶

CVEList

CVE-2006-3225: Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and↗2006-06-26

▶