CVE-2006-2501

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.

Published: May 20, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-2501
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
sun / one_application_server	7.0	7.0.x
sun / one_web_server	6.0-sp3	6.0-sp3.x
sun / one_application_server	6.0-sp1	6.0-sp1.x
sun / java_system_web_server	6.1-sp1	6.1-sp1.x
sun / one_application_server	-	7.0.x
sun / one_application_server	6.0	6.0.x
sun / one_web_server	6.0-sp5	6.0-sp5.x
sun / java_system_web_server	6.1-sp3	6.1-sp3.x
sun / one_web_server	6.0-sp7	6.0-sp7.x
sun / java_system_application_server	-	7.0.x
sun / one_web_server	6.0-sp8	6.0-sp8.x
sun / java_system_web_server	6.1	6.1.x
sun / java_system_web_server	-	6.1.x
sun / one_application_server	6.0-sp2	6.0-sp2.x
sun / one_web_server	6.0-sp4	6.0-sp4.x
sun / one_web_server	-	6.0.x
sun / java_system_web_server	6.1-sp2	6.1-sp2.x

Vulnerability Database

289,599

CVE-2006-2501