Unrated severityNVD Advisory· Published Jul 1, 2009· Updated Apr 23, 2026
CVE-2009-2268
CVE-2009-2268
Description
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected products
26cpe:2.3:a:sun:java_system_access_manager:6:*:*:*:*:*:*:*+ 25 more
- cpe:2.3:a:sun:java_system_access_manager:6:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_8_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_9_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:6.0_2005q1:*:solaris_9_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:hp-ux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:solaris9_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.0_2005q4:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:linux:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_10_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_8_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:solaris_9_x86:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7.1:*:windows:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_10_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_8_sparc:*:*:*:*:*
- cpe:2.3:a:sun:java_system_access_manager:7_2005q4:*:solaris_9_sparc:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- sunsolve.sun.com/search/document.donvdPatch
- sunsolve.sun.com/search/document.donvdPatchVendor Advisory
- secunia.com/advisories/35651nvdVendor Advisory
- sunsolve.sun.com/search/document.donvd
News mentions
0No linked articles in our index yet.