Cross-Site Scripting Vulnerability in Sun Java System Web Server
CVE-2008-2518

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
3 June 2008

Summary

A Cross-Site Scripting vulnerability exists in the advanced search feature of Sun Java System Web Server versions 6.1 prior to SP9 and 7.0 prior to Update 3. This flaw permits remote attackers to inject arbitrary web scripts or HTML content through unspecified vectors, potentially related to the parameter handling within the search mechanism. Exploiting this vulnerability could allow for unauthorized actions on behalf of users, including data theft and session hijacking.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.