Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904. http://sunsolve.sun.com/search/document.do?assetkey1-26-242186-1
5. Resolution
This issue is addressed in the following releases:
SPARC Platform
* Sun Java System Messaging Server 6.2 and 6.3 (for Solaris 9 and Solaris 10) with patch 120228-29 or later
* Sun Java System Messaging Server 6.3 (64-bit Solaris) with patch 126479-10 or later
x86 Platform
* Sun Java System Messaging Server 6.2 and 6.3 (for Solaris 9 and Solaris 10) with patch 120229-29 or later
* Sun Java System Messaging Server 6.3 (64-bit) with patch 126480-10 or later
Linux Platform
* Sun Java System Messaging Server 6.2 and 6.3 (for RHEL 3 and RHEL 4) with patch 120230-29 or later
Publication date: Tue, 18 Nov 2008 00:18:00 +0000