CVE-2008-5266

Sun GlassFish 2.1 - 'name' Cross-Site Scripting

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.

Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en configuration/httpListenerEdit.jsf en la interfaz GlassFish 2 UR2 b04 webadmin en Sun Java System Application Server v9.1_01 build b09d-fcs y v9.1_02 build b04-fcs permite a atacantes remotos inyectar web script o HTML a través del parámetro "name", un vector diferente a CVE-2008-2751.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-06-10 First Exploit
2008-11-28 CVE Reserved
2008-11-28 CVE Published
2024-06-08 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (7)

URL	Tag	Source
http://securityreason.com/securityalert/4659	Third Party Advisory
http://webappsecurity.wordpress.com/2008/06/11/xss-glassfish-web-admin-interface-sun-java-system-application	X_refsource_misc
http://www.securityfocus.com/archive/1/493243/100/0/threaded	Mailing List
http://www.securityfocus.com/bid/29646	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/47029	Vdb Entry

URL	Date	SRC
https://www.exploit-db.com/exploits/31901	2008-06-10

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/30604	2018-10-11

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Sun Search vendor "Sun"	Java System Application Server Search vendor "Sun" for product "Java System Application Server"	9.1_01 Search vendor "Sun" for product "Java System Application Server" and version "9.1_01"	b09d-fcs	Affected	in	Oracle Search vendor "Oracle"	Glassfish Server Search vendor "Oracle" for product "Glassfish Server"	2.0 Search vendor "Oracle" for product "Glassfish Server" and version "2.0"	-	Affected
Sun Search vendor "Sun"	Java System Application Server Search vendor "Sun" for product "Java System Application Server"	9.1_02 Search vendor "Sun" for product "Java System Application Server" and version "9.1_02"	b04-fcs	Affected	in	Oracle Search vendor "Oracle"	Glassfish Server Search vendor "Oracle" for product "Glassfish Server"	2.0 Search vendor "Oracle" for product "Glassfish Server" and version "2.0"	-	Affected