CVE-2008-2616 — Cross-site Scripting in Oracle JD Edwards Enterpriseone

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.9%

top 24.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle JD Edwards Enterpriseone Oracle Peoplesoft Enterprise Oracle Peoplesoft Peopletools

Timeline

PublishedJul 15

Latest updateMay 1

Description

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.48.17 and 8.49.11 has unknown impact and remote authenticated attack vectors, a different vulnerability than CVE-2008-2615, CVE-2008-2617, CVE-2008-2618, CVE-2008-2620, CVE-2008-2621, and CVE-2008-2622.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶NVDoracle/peoplesoft_enterprise8.48.17, 8.49.11+1

▶NVDoracle/peoplesoft_peopletools8.48.17, 8.49.11+1

▶NVDoracle/jd_edwards_enterpriseone8.48.17, 8.49.11+1

🔴Vulnerability Details

GHSA

GHSA-pj98-w72v-7m4m: Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8↗2022-05-01

▶

CVEList

CVE-2008-2616: Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8↗2008-07-15

▶

📋Vendor Advisories

Red Hat

httpd: XSS via UTF-7 encoded urls on the 403 Forbidden error page↗2008-05-08

▶

Apache

Apache httpd: CVE-2008-0005↗

▶