Summary
Sun Solaris AnswerBook2 is reported to be prone to multiple cross-site scripting vulnerabilities. These issues arise because user-supplied data is insufficiently sanitized before being returned in a page, which allows arbitrary HTML and script code to be executed in a user's browser.
The following specific issues were identified:
It is reported that the Search function of the application is affected by a cross-site scripting vulnerability.
The AnswerBook2 admin interface is prone to cross-site scripting attacks as well.
These issues can lead to theft of cookie-based credentials and other attacks.
AnswerBook2 1.4.4 and prior versions are affected by these issues.
Solution
Sun has released an advisory to address these issues. The vendor recommends disabling the application and instead referring to the Sun Product Documentation Web site at http://docs.sun.com or viewing the documentation on the Solaris Documentation CD.
Please see the referenced advisory for more information.
References
Severity
Classification
CVE: CVE-2005-0548, CVE-2005-0549
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N