CVE-2008-0925
Description
Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Cross-site scripting in Novell eDirectory iMonitor error messages allows remote attackers to inject arbitrary script or HTML.
Vulnerability
A cross-site scripting (XSS) vulnerability exists in the iMonitor interface of Novell eDirectory versions 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2. The flaw resides in how the HTTP stack generates error messages; unspecified parameters passed to the iMonitor component are not properly sanitized before being included in those error responses [1].
Exploitation
An attacker can exploit this via crafted HTTP requests that include malicious script or HTML in specific parameters. No authentication is required, as the vulnerable interface is exposed over the network. The attacker must convince a victim user to interact with a specially crafted URL (e.g., via email or a malicious site) that triggers the reflected XSS in the iMonitor error page [1].
Impact
Successful exploitation allows the attacker to execute arbitrary web script or HTML in the context of the victim's browser session with the iMonitor interface. This can lead to theft of session cookies, modification of page content, or phishing attacks against administrators who manage eDirectory via iMonitor [1].
Mitigation
For eDirectory 8.8.x, upgrade to version 8.8.2 and apply the second fix pack (ftf2). For eDirectory 8.7.3.x, upgrade to version 8.7.3 sp10. No workarounds are documented; applying the patches resolves the issue [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:novell:edirectory:8.7.3.9:*:linux:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.7.3.9:*:solaris:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.7.3.9:*:windows_2000:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.7.3.9:*:windows_2003:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8.1:*:linux:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8.1:*:solaris:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8.1:*:windows_2000:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8.1:*:windows_2003:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8.2:*:linux:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8.2:*:solaris:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8.2:*:windows_2000:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8.2:*:windows_2003:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8:*:linux:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8:*:solaris:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8:*:windows_2000:*:*:*:*:*
- cpe:2.3:a:novell:edirectory:8.8:*:windows_2003:*:*:*:*:*
- (no CPE) range: < 8.7.3 sp10, < 8.8.2 ftf2
Patches
No patches discovered yet.
References
- secunia.com/advisories/30748 (nvd, Vendor Advisory)
- securitytracker.com/id (nvd)
- support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html (nvd)
- support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html (nvd)
- www.novell.com/support/viewContent.do (nvd)
- www.securityfocus.com/bid/29782 (nvd)
- www.vupen.com/english/advisories/2008/1863/references (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/43151 (nvd)