CVE-2006-5652

Published: Nov 3, 2006Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.

Affected (1)

Products: Sun: Iplanet Messaging Server Messenger Express

1 product

Iplanet Messaging Server Messenger Express

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sun Iplanet Messaging Server Messenger Express	All versions

References (10)

http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html

Source: cve@mitre.org

http://securityreason.com/securityalert/1806

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/450184/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/20838

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/29929

Source: cve@mitre.org

http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://securityreason.com/securityalert/1806

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/450184/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/20838

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/29929

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.