Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0239

CWE-79 — Cross-site Scripting (XSS)7 documents4 sources

Severity

4.3MEDIUM

EPSS

9.6%

top 7.15%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

SUN Java System Identity Manager

Timeline

PublishedJan 11

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDsun/java_system_identity_manager6.0, 7.0, 7.1+2

Patches

Patch: www.procheckup.com ↗Patch: www.procheckup.com ↗Patch: www.procheckup.com ↗

🔴Vulnerability Details

GHSA

GHSA-g78x-6f6w-9xg9: Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6↗2022-05-01

▶

CVEList

CVE-2008-0239: Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6↗2008-01-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Windows Vista/2008 - ICMPv6 Router Advertisement Remote Code Execution↗2010-02-09

▶

Exploit-DB

Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/login.jsp' Multiple Cross-Site Scripting Vulnerabilities↗2008-01-09

▶

Exploit-DB

Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/account/findForSelect.jsp?resultsForm' Cross-Site Scripting↗2008-01-09

▶

Exploit-DB

Sun Java System Identity Manager 6.0/7.0/7.1 - '/idm/user/main.jsp?activeControl' Cross-Site Scripting↗2008-01-09

▶