Cross-Site Scripting Vulnerability in Sun Java System Web Server
CVE-2008-2518
Currently unrated
Summary
A Cross-Site Scripting vulnerability exists in the advanced search feature of Sun Java System Web Server versions 6.1 prior to SP9 and 7.0 prior to Update 3. This flaw permits remote attackers to inject arbitrary web scripts or HTML content through unspecified vectors, potentially related to the parameter handling within the search mechanism. Exploiting this vulnerability could allow for unauthorized actions on behalf of users, including data theft and session hijacking.
References
Timeline
Vulnerability published
Vulnerability Reserved