Unrated severityNVD Advisory· Published Nov 3, 2006· Updated Jun 16, 2026

CVE-2006-5652

Description

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Sun Corporation/Iplanet Messaging Server Messenger Express2 versions
cpe:2.3:a:sun:iplanet_messaging_server_messenger_express:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:sun:iplanet_messaging_server_messenger_express:*:*:*:*:*:*:*:*
- (no CPE)

Patches

Vulnerability mechanics

References

www.securityfocus.com/bid/20838nvdExploit
lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.htmlnvd
securityreason.com/securityalert/1806nvd
www.securityfocus.com/archive/1/450184/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/29929nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000