{"api_version":"1","generated_at":"2026-04-25T02:50:15+00:00","cve":"CVE-2007-2904","urls":{"html":"https://cve.report/CVE-2007-2904","api":"https://cve.report/api/cve/CVE-2007-2904.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2904","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2904"},"summary":{"title":"CVE-2007-2904","description":"Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-05-30 10:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.securitytracker.com/id?1018106","name":"http://www.securitytracker.com/id?1018106","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sun Java System Messaging Server Input Validation Hole Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/38146","name":"http://osvdb.org/38146","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102909-1","name":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102909-1","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"#200613: Cross-site Scripting Vulnerability in Sun Java System Messaging Server","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2904","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2904","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2904","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_messaging_server","cpe6":"6.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2904","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_messaging_server","cpe6":"6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2904","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_messaging_server","cpe6":"6.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2007","cve_id":"2904","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"java_system_messaging_server","cpe6":"6.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:57:54.624Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"1018106","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018106"},{"name":"102909","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102909-1"},{"name":"38146","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/38146"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-23T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2008-11-15T10:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"1018106","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018106"},{"name":"102909","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102909-1"},{"name":"38146","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/38146"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2904","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"1018106","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018106"},{"name":"102909","refsource":"SUNALERT","url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-102909-1"},{"name":"38146","refsource":"OSVDB","url":"http://osvdb.org/38146"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2904","datePublished":"2007-05-30T10:00:00.000Z","dateReserved":"2007-05-29T00:00:00.000Z","dateUpdated":"2024-08-07T13:57:54.624Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-30 10:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_messaging_server:6.0:*:*:*:*:*:*:*","matchCriteriaId":"1F5C5BCA-AE01-4B2E-A58A-7008204ECBDD"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_messaging_server:6.1:*:*:*:*:*:*:*","matchCriteriaId":"5B21520C-F3F0-4729-9EEF-D7C8126909D9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_messaging_server:6.2:*:*:*:*:*:*:*","matchCriteriaId":"5EF7F585-E068-4555-B2B1-505C6299BEE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:java_system_messaging_server:6.3:*:*:*:*:*:*:*","matchCriteriaId":"9664D934-37B7-4004-B8E8-0319A6241C00"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2904","Ordinal":"1","Title":"CVE-2007-2904","CVE":"CVE-2007-2904","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2904","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.0 through 6.3, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a related issue to CVE-2006-5653.","Type":"Description","Title":"CVE-2007-2904"},{"CveYear":"2007","CveId":"2904","Ordinal":"2","NoteData":"2007-05-30","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2904","Ordinal":"3","NoteData":"2008-11-15","Type":"Other","Title":"Modified"}]}}}