Cross-Site Scripting Vulnerability in Sun Java System Web Server
CVE-2008-2166
Currently unrated
Summary
A vulnerability exists in the search module of Sun Java System Web Server, affecting versions 6.1 prior to SP9 and 7.0 prior to Update 2. This flaw enables remote attackers to inject arbitrary web scripts or HTML by manipulating unknown parameters in the index.jsp file. Successful exploitation can lead to unauthorized actions taken on behalf of a user, impacting the security of web applications that leverage this server.
References
Timeline
Vulnerability published
Vulnerability Reserved