CVE-2008-2929

Fedora Directory Server - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

References (16)

Scores

EPSS 0.0063
EPSS Percentile 69.9%

Classification

CWE
CWE-79
Status draft

Affected Products (9)

fedora/directory_server
redhat/directory_server
redhat/directory_server
redhat/directory_server
redhat/directory_server
redhat/directory_server
redhat/directory_server
redhat/directory_server
redhat/directory_server

Timeline

Published Aug 29, 2008
Tracked Since Feb 18, 2026