CVE-2007-3503
The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML documentation pages that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Date published : 2007-06-29
http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html