CVE-2008-2166
Sun Java System Web Server 6.1-6.1 SP8 and 7.0-7.0 Update 1 - Cross-Site Scripting via Search Module
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the search module in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 allows remote attackers to inject arbitrary web script or HTML via unknown parameters in index.jsp.
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/30133
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/29087
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/1455/references
Patch vendor-advisory
x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-231467-1
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019987
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/42263
Scores
EPSS
0.0053
EPSS Percentile
67.4%
Details
CWE
CWE-79
Status
published
Products (2)
sun/java_system_web_server
6.1 (6 CPE variants)
sun/java_system_web_server
7.0 (5 CPE variants)
Published
May 13, 2008
Tracked Since
Feb 18, 2026