CVE-2006-5653
Published 2006-11-03
CVE-2006-5653: Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject…
Priority P419, medium, 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 4.78% (90.8th percentile)
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sun | java_system_messaging_server | — | — |
| sun | java_system_messaging_server | — | — |
| sun | java_system_messaging_server | — | — |
| sun | java_system_messaging_server | — | — |
| sun | java_system_messenger_express | — | — |
VulDB
Sun Java System Messenger Express 6 errorhtml Error cross site scripting (EDB-28887 / XFDB-29939)
vuldb·2026-04-26·CVSS 4.3
CVE-2006-5653 [MEDIUM] Sun Java System Messenger Express 6 errorhtml Error cross site scripting (EDB-28887 / XFDB-29939)
A vulnerability has been found in Sun Java System Messenger Express 6 and classified as problematic. Impacted is the function errorhtml. The manipulation of the argument Error leads to basic cross site scripting.
This vulnerability is documented as CVE-2006-5653. The attack can be initiated remotely. Additionally, an exploit exists.
It is recommended to apply a patch to fix this issue.
GHSA
GHSA-x47j-hhhf-c437: Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-2904 [MEDIUM] GHSA-x47j-hhhf-c437: Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.
GHSA
GHSA-g6hq-gv45-xmqw: Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2006-5653 [MEDIUM] GHSA-g6hq-gv45-xmqw: Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.
No detection rules found.
No writeups or analysis indexed.
References
http://secunia.com/advisories/22663
http://securityreason.com/securityalert/1805
http://www.securityfocus.com/archive/1/450153/100/0/threaded
http://www.securityfocus.com/archive/1/456273/100/200/threaded
http://www.securityfocus.com/bid/20832
http://www.securitytracker.com/id?1018106
http://www.vupen.com/english/advisories/2006/4281
https://exchange.xforce.ibmcloud.com/vulnerabilities/29939
Published: 2006-11-03