Donate Telegram

CVE-2006-5652

NONE EPSS 3.17%

Nov 03, 2006

Updated Apr 23, 2026

Sun

Parameter	Value
Vendor	Sun
Public PoC	No

Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Sun Iplanet_Messaging_Server_Messenger_Express cpe:2.3:a:sun:iplanet_messaging_server_messenger_express::::::::	—	—

References 5

http://lists.grok.org.uk/pipermail/full-disclosure/2006-October/050460.html

http://securityreason.com/securityalert/1806

http://www.securityfocus.com/archive/1/450184/100/0/threaded

http://www.securityfocus.com/bid/20838

https://exchange.xforce.ibmcloud.com/vulnerabilities/29929

Share Post Share Share Share

Related Vulnerabilities

CVE-2012-0507

Debian

CVE-2006-6009

Sun

CVE-2006-5726

Sun

CVE-2006-5653

Sun

CVE-2006-5654

Sun

CVE Details

CVE ID

CVE-2006-5652

Published Date

Nov 03, 2006

Vendor

Sun

Severity

NONE

Exploit Prediction (EPSS)

Probability of Exploit 3.17%

Likelihood of exploitation in next 30 days

Percentile: 87.0th percentile (higher than 87.0% of all CVEs)

Standard patching cycle

Impact

Minimal impact

Source

Editor's Choice