=B7= Security Advisory ==B7
Issue: Cross Site Scripting (XSS) Vulnerability in iPlanet Messaging Server
Messenger Express by "Sun"
Discovered Date: 25/09/2006
Author: Tal Argoni, LegendaryZion. [talargoni at gmail.com]
Product Vendor: http://www.sun.com/
iPlanet Messaging Server Messenger Express by "Sun" is prone to a Cross Site
The vulnerability exists in filter engine, caused by the lack of Input
of malicious Method "Expression()" of Cascading Style Sheets (CSS).
About Cascading Style Sheets (CSS):
Cascading Style Sheets (CSS) is a stylesheet language used to describe the
of a document written in a markup language. Its most common application is
to style web pages written
in HTML and XHTML.
About Expression() Method:
statement without quotations or semicolons. This string can include
other properties on the current page. Array references are not allowed on
properties included in this script.