Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console.
References
Link | Resource |
---|---|
http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1 | Patch Vendor Advisory |
http://www.vupen.com/english/advisories/2009/0605 | Patch Vendor Advisory |
http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1 | Patch |
http://www.securityfocus.com/bid/33999 | Patch |
http://securitytracker.com/id?1021809 | |
http://secunia.com/advisories/34146 | Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/49076 |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Information
Published : 2009-03-09 14:30
Updated : 2017-08-16 18:30
NVD link : CVE-2009-0857
Mitre link : CVE-2009-0857
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
sun
- management_center
- solaris