[Original] Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, a different vulnerability than CVE-2005-2022 and CVE-2006-5486.
[CNNVD] Cross-site scripting vulnerability in Webmail in Sun ONE Messaging Server and iPlanet Messaging Server (CNNVD-201001-269)
A cross-site scripting vulnerability exists in Webmail in Sun ONE Messaging Server 6.1 and in iPlanet Messaging Server 5.2 versions before 5.2hf2.02. When IE is running, a remote attacker can inject arbitrary web script or HTML by means of a specially crafted e-mail message. This vulnerability is different from CVE-2005-2022 and CVE-2006-5486.
Sun ONE Messaging Server Crafted Email Message XSS
Remote / Network Access
Loss of Integrity
Patch / RCS
Sun ONE Messaging Server and iPlanet Messaging Server Webmail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input. This may allow an attacker to create a specially crafted email that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
Currently, there are no known workarounds or upgrades to correct this issue. However, Sun has released a patch to address this vulnerability.