Unrated severityNVD Advisory· Published Jan 31, 2007· Updated Jun 16, 2026
CVE-2007-0628
CVE-2007-0628
Description
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.
Affected products
5cpe:2.3:a:sun:java_system_access_manager:6.1:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:sun:java_system_access_manager:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*
- (no CPE)range: 6.1, 6.2, 6 2005Q1 (6.3), 7 2005Q4 (7.0) before 20070129
Patches
Vulnerability mechanics
References
7News mentions
0No linked articles in our index yet.