Cross-Site Scripting Vulnerability in Sun Java System Web Server
CVE-2008-2518

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 3 June 2008

Summary

A Cross-Site Scripting vulnerability exists in the advanced search feature of Sun Java System Web Server versions 6.1 prior to SP9 and 7.0 prior to Update 3. This flaw permits remote attackers to inject arbitrary web scripts or HTML content through unspecified vectors, potentially related to the parameter handling within the search mechanism. Exploiting this vulnerability could allow for unauthorized actions on behalf of users, including data theft and session hijacking.

References

http://www.vupen.com/english/advisories/2008/1649/references

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/30381

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/42624

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 3, 2008
Vulnerability Reserved
Jun 3, 2008