CVE-2008-2929Cross-site Scripting in Redhat Directory Server

CWE-79Cross-site ScriptingCWE-78OS Command Injection8 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.6%
top 29.74%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Directory Server
Timeline
PublishedAug 29
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gateway (DSGW) web interface in Red Hat Directory Server 7.1 before SP7 and 8 EL4 and EL5, and Fedora Directory Server, allow remote attackers to inject arbitrary web script or HTML via input values that use % (percent) escaping.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDredhat/directory_server7.1, 8.0+1

Patches

Patch: www.redhat.comPatch: www.securityfocus.comPatch: www.redhat.com

🔴Vulnerability Details

2
GHSA
GHSA-p2p9-vhrp-wv8p: Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gatew2022-05-01
CVEList
CVE-2008-2929: Multiple cross-site scripting (XSS) vulnerabilities in the adminutil library in the Directory Server Administration Express and Directory Server Gatew2008-08-29

📋Vendor Advisories

3
Red Hat
lynx: remote arbitrary command execution via a crafted lynxcgi: URL2008-10-09
Red Hat
Server: multiple XSS issues2008-08-27
Red Hat
Server: adminutil / CGI heap overflow2008-08-27

💬Community

2
Bugzilla
CVE-2008-4690 lynx: remote arbitrary command execution via a crafted lynxcgi: URL2008-10-23
Bugzilla
CVE-2008-2929 Directory Server: multiple XSS issues2008-07-09
CVE-2008-2929 — Cross-site Scripting in Redhat | cvebase