CVE-2008-2518

Name of the Vulnerable Software and Affected Versions Sun Java System Web Server versions 6.1 before SP9 Sun Java System Web Server versions 7.0 before Update 3

Description A cross-site scripting (XSS) issue exists in the advanced search mechanism, specifically in the webapps/search/advanced.jsp endpoint, allowing remote attackers to inject arbitrary web script or HTML. The issue is probably related to the next parameter.

Recommendations For Sun Java System Web Server version 6.1, update to at least SP9 to resolve the issue. For Sun Java System Web Server version 7.0, update to at least Update 3 to resolve the issue. As a temporary workaround, consider restricting access to the advanced search mechanism, specifically the webapps/search/advanced.jsp endpoint, until a patch is available. Avoid using the next parameter in the affected endpoint until the issue is resolved.