• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun Java Server Faces Cross-Site Scripting Vulnerability

Bugtraq ID:	28192
Class:	Input Validation Error
CVE:	CVE-2008-1285
Remote:	Yes
Local:	No
Published:	Feb 27 2008 12:00AM
Updated:	Aug 05 2008 02:17PM
Credit:	The vendor reported this issue.
Vulnerable:	Sun Java Server Faces 1.2 RedHat JBoss Enterprise Application Platform 4.3 EL5 RedHat JBoss Enterprise Application Platform 4.3 EL4 RedHat JBoss Enterprise Application Platform 4.3 RedHat JBoss Enterprise Application Platform 4.2 EL5 RedHat JBoss Enterprise Application Platform 4.2 EL4 RedHat JBoss Enterprise Application Platform 4.2
Not Vulnerable:	Sun Java Server Faces 1.2_08 RedHat JBoss Enterprise Application Platform 4.3 CP01 RedHat JBoss Enterprise Application Platform 4.2 CP03