Sun Java System Web Server Advanced Search Mechanism Cross-Site Scripting Vulnerability

Sun Java System Web Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of a site that uses the affected functionality. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects Sun Java System Web Server 6.1 and 7.0 for SPARC, x86, Linux, Windows, HP-UX, and AIX platforms.


Privacy Statement
Copyright 2010, SecurityFocus