CVE-2008-0925

Cross-site scripting (XSS) vulnerability in the iMonitor interface in Novell eDirectory 8.7.3.x before 8.7.3 sp10, and 8.8.x before 8.8.2 ftf2, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters that are used within "error messages of the HTTP stack."

Published: Jun 18, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-0925
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
novell / edirectory	8.8	8.8.x
novell / edirectory	8.8.1	8.8.1.x
novell / edirectory	8.7.3.9	8.7.3.9.x
novell / edirectory	8.8.2	8.8.2.x

http://secunia.com/advisories/30748
http://securitytracker.com/id?1020321
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037180.html
http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5037181.html
http://www.novell.com/support/viewContent.do?externalId=3460217&sliceId=1
http://www.securityfocus.com/bid/29782
http://www.vupen.com/english/advisories/2008/1863/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43151

Vulnerability Database

289,697

CVE-2008-0925