CVE-2008-2518

Currently unrated

Key Information:

Vendor: Oracle
Status: Java System Web Server
Vendor: CVE Published:; 3 June 2008

Summary

Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.

References

http://www.vupen.com/english/advisories/2008/1649/references

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/30381

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/42624

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jun 3, 2008
Vulnerability Reserved
Jun 3, 2008