Unrated severityNVD Advisory· Published Jun 3, 2008· Updated Jun 16, 2026
CVE-2008-2518
CVE-2008-2518
Description
Cross-site scripting (XSS) vulnerability in the advanced search mechanism (webapps/search/advanced.jsp) in Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably related to the next parameter.
Affected products
14cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:sun:java_system_web_server:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp7:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:6.1:sp8:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:7.0:update_1:*:*:*:*:*:*
- cpe:2.3:a:sun:java_system_web_server:7.0:update_2:*:*:*:*:*:*
- (no CPE)range: <6.1 SP9 and <7.0 Update 3
- Range: <SP9
Patches
Vulnerability mechanics
References
6News mentions
0No linked articles in our index yet.