Moderate severityNVD Advisory· Published Mar 11, 2008· Updated Apr 23, 2026
CVE-2008-1285
CVE-2008-1285
Description
Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.sun.faces:jsf-apiMaven | < 1.2.08 | 1.2.08 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
16- sunsolve.sun.com/search/document.donvdPatch
- github.com/advisories/GHSA-vv6j-5x58-q2c3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2008-1285ghsaADVISORY
- rhn.redhat.com/errata/RHSA-2008-0828.htmlnvdWEB
- bugzilla.redhat.com/bugzilla/show_bug.cginvdWEB
- exchange.xforce.ibmcloud.com/vulnerabilities/41081nvdWEB
- rhn.redhat.com/errata/RHSA-2008-0825.htmlnvd
- rhn.redhat.com/errata/RHSA-2008-0826.htmlnvd
- rhn.redhat.com/errata/RHSA-2008-0827.htmlnvd
- secunia.com/advisories/29327nvd
- www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.htmlnvd
- www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/nvd
- www.securityfocus.com/bid/28192nvd
- www.securitytracker.com/idnvd
- www.vupen.com/english/advisories/2008/0808/referencesnvd
- jira.jboss.org/jira/browse/JBPAPP-682nvd
News mentions
0No linked articles in our index yet.