Five Sun.com XSS flaws in the SSL user login page

Thursday, 23 April 2009

Xylitol reported five critical cross-site scripting vulnerabilities affecting Sun Microsystems website.

Despite the use of SSL in the user login page, malicious users can exploit these flaws to conduct phishing attacks and infect Sun's customers and site visitors with malware, adware and spyware.

Sun.com XSS Mirrors:
java.sun.com XSS
suned.sun.com XSS -> Using SSL
portal.sun.com XSS -> Using SSL
forums.sun.com XSS
ads.sun.com Redirect

Sun Microsystems has been XSSed in the past.