C-Note-07-005: Cross-Site Scripting Vulnerability in Sun Java System Access Manager (01/30/07)
A Cross Site Scripting (CSS or XSS) vulnerability in the Sun Java System Access Server may allow an unprivileged remote user to steal cookie information,
hijack sessions, or cause a loss of data privacy between a client and the server.
This advisory is posted at:
http://www.sunsolve.sun.com/search/document.do?assetkey=1-26-102621-1
CIAC would like to thank Sun for this information.