CVE-2009-1079

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.vupen.com/english/advisories/2009/0797", "name": "ADV-2009-0797", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", "name": "http://blogs.sun.com/security/entry/sun_alert_253267_sun_java", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253267-1", "name": "253267", "tags": ["Patch", "Vendor Advisory"], "refsource": "SUNALERT"}, {"url": "http://secunia.com/advisories/34380", "name": "34380", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/34191", "name": "34191", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1021881", "name": "1021881", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-1079", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2009-03-25T15:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:sun:java_system_identity_manager:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_identity_manager:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_identity_manager:7.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:sun:java_system_identity_manager:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2009-10-06T04:00Z"}