This script is Copyright (C) 2008-2012 Tenable Network Security, Inc.
The remote web server contains an application that is affected by
multiple cross-site scripting vulnerabilities.
The remote host is running Sun Java System Identity Manager, a Java
application for user provisioning and identity auditing in enterprise
The version of Identity Manager installed on the remote host fails to
sanitize user-supplied input to various JSP scripts before using it to
generate dynamic content. An unauthenticated, remote attacker may be
able to leverage these issues to inject arbitrary HTML or script code
into a user's browser to be executed within the security context of
the affected site.
Known to be affected are the 'cntry' and 'lang' parameters of the
'login.jsp' script, the 'resultsForm' parameter of the
'account/findForSelect.jsp' script, the 'activeControl' parameter of
the 'user/main.jsp' script, the 'helpUrl' parameter of the
'help/index.jsp' script, and the 'nextPage' parameter of the
See also :
Solution :
Upgrade to one of the versions of Sun Java System Identity Manager
listed in the vendor's advisory.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 29926
Bugtraq ID: 27214
CVE ID: CVE-2008-0239, CVE-2008-0240, CVE-2008-0241