VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published May 20, 2006· Updated Apr 16, 2026

CVE-2006-2501

CVE-2006-2501

Description

Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.

Affected products

20
  • Sun Corporation/Java System Application Server2 versions
    cpe:2.3:a:sun:java_system_application_server:*:ur2:enterprise:*:*:*:*:*+ 1 more
    • cpe:2.3:a:sun:java_system_application_server:*:ur2:enterprise:*:*:*:*:*range: <=7.0
    • cpe:2.3:a:sun:java_system_application_server:*:ur2:standard:*:*:*:*:*range: <=7.0
  • Sun Corporation/Java System Web Server5 versions
    cpe:2.3:a:sun:java_system_web_server:*:sp4:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:sun:java_system_web_server:*:sp4:*:*:*:*:*:*range: <=6.1
    • cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
    • cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
  • Sun Corporation/One Application Server7 versions
    cpe:2.3:a:sun:one_application_server:*:update_6:platform:*:*:*:*:*+ 6 more
    • cpe:2.3:a:sun:one_application_server:*:update_6:platform:*:*:*:*:*range: <=7.0
    • cpe:2.3:a:sun:one_application_server:*:update_6:standard:*:*:*:*:*range: <=7.0
    • cpe:2.3:a:sun:one_application_server:6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:sun:one_application_server:6.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:sun:one_application_server:6.0:sp2:*:*:*:*:*:*
    • cpe:2.3:a:sun:one_application_server:7.0:*:platform:*:*:*:*:*
    • cpe:2.3:a:sun:one_application_server:7.0:*:standard:*:*:*:*:*
  • Sun Corporation/One Web Server6 versions
    cpe:2.3:a:sun:one_web_server:*:sp9:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:sun:one_web_server:*:sp9:*:*:*:*:*:*range: <=6.0
    • cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
    • cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
    • cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*
    • cpe:2.3:a:sun:one_web_server:6.0:sp7:*:*:*:*:*:*
    • cpe:2.3:a:sun:one_web_server:6.0:sp8:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.