Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1729

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
4.3MEDIUM
EPSS
9.1%
top 7.33%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
SUN Java System Communications Express
Timeline
PublishedMay 21
Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: sunsolve.sun.comPatch: sunsolve.sun.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-qvcw-3p9h-gm33: Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 62022-05-02
CVEList
CVE-2009-1729: Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 62009-05-21

💥Exploits & PoCs

2
Exploit-DB
Sun Java System Communications Express 6.3 - 'search.xml' Cross-Site Scripting2009-05-20
Exploit-DB
Sun Java System Communications Express 6.3 - 'UWCMain' Cross-Site Scripting2009-05-20
CVE-2009-1729 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io