Sun.Java.Calendar.Server.Command.Shtml.XSS
Description
This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in Sun Java system calendar server.
The vulnerability is due to input validation errors when processing the "date" parameter. It can be exploited by attackers to cause malicious script code to be executed by the user's browser.
Affected Products
Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0
Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01
Impact
System Compromise: remote script execution.
Recommended Actions
Apply the update from the vendor.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-11 | 16.995 |