Vulnerability Name:

CVE-2008-6192 (CCN-44531)

Assigned: 2008-08-19
Published: 2008-08-19
Updated: 2017-08-17
Summary: Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2008-6192

Source: CCN
Type: SA31538
Sun Java System Portal Server Cross-Site Scripting Vulnerability

Source: SECUNIA
Type: UNKNOWN
31538

Source: CCN
Type: SECTRACK ID: 1020706
Sun Java System Portal Server Input Validation Holes in Bundled Portlets Permit Cross-Site Scripting Attacks

Source: SUNALERT
Type: Patch, Vendor Advisory
239308

Source: CCN
Type: Sun Alert ID: 239308
Cross Site Scripting (XSS) Vulnerability in Sun Java System Portal Server's Portlets may Lead to Execution of Arbitrary Code

Source: CCN
Type: OSVDB ID: 47559
Sun Java System Portal Server Unspecified Portlets XSS

Source: BID
Type: Patch
30738

Source: CCN
Type: BID-30738
Sun Java System Portal Server Portlets Cross-Site Scripting Vulnerability

Source: SECTRACK
Type: UNKNOWN
1020706

Source: VUPEN
Type: UNKNOWN
ADV-2008-2404

Source: XF
Type: UNKNOWN
sun-jsps-portlets-xss(44531)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:sun:java_system_portal_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_portal_server:7.1:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sun:java_system_portal_server:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:sun:java_system_portal_server:7.1:*:*:*:*:*:*:*
  • AND
  • cpe:/o:sun:solaris:8::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

  • * Denotes that component is vulnerable