CVE-2007-3503: Cross-site Scripting in Ucosminexus Application Server Enterprise

Severity: 4.3 MEDIUM (NVD)
EPSS: 1.1% (top 22.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jun 30
Latest update: May 1

Description

The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 4 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-7m4h-vmxp-2j43: The Javadoc tool in Sun JDK 6 and JDK 5 (2022-05-01)
GHSA: GHSA-wv5h-grg4-29jw: The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7 (2022-05-01)

📋 Vendor Advisories (1)

Red Hat: HTML files generated with Javadoc are vulnerable to a XSS (2007-06-28)

💬 Community (1)

Bugzilla: CVE-2007-3503 HTML files generated with Javadoc are vulnerable to a XSS (2007-07-04)