CVE-2008-2929

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fedora:directory_server:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp1:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp2:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp3:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp4:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp5:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:7.1:sp6:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:8.0:el4:*:*:*:*:*:*
cpe:2.3:a:redhat:directory_server:8.0:el5:*:*:*:*:*:*

History

No history.

Information

Published : 2008-08-29 18:41

Updated : 2024-02-28 11:21


NVD link : CVE-2008-2929

Mitre link : CVE-2008-2929

CVE.ORG link : CVE-2008-2929


JSON object : View

Products Affected

fedora

  • directory_server

redhat

  • directory_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')