Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00559.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Redhat
  • Jboss Enterprise Application Platform
Sun
  • Jsf

Configuration 1 [-]

cpe:2.3:a:sun:jsf:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
JBEAP 4.2.0 for RHEL 4
glassfish-javamail-0:1.4.0-0jpp.ep1.9.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP03.0jpp.ep1.1.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.3.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
jbossas-0:4.2.0-3.GA_CP03.ep1.9.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
jboss-cache-0:1.4.1-4.SP9.1jpp.ep1.1.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
jboss-remoting-0:2.2.2-3.SP7.0jpp.ep1.3.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.7.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP01.1jpp.ep1.1.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.3.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.3.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
rh-eap-docs-0:4.2.0-3.GA_CP03.ep1.5.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4 RHSA-2008:0825 2008-08-05T00:00:00Z
JBEAP 4.2.0 for RHEL 5
hibernate3-1:3.2.4-1.SP1_CP03.0jpp.ep1.1.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.3.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
jbossas-0:4.2.0-4.GA_CP03.ep1.8.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
jboss-cache-0:1.4.1-4.SP9.1jpp.ep1.1.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
jboss-remoting-0:2.2.2-3.SP7.0jpp.ep1.3.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.6.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP01.1jpp.ep1.1.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.3.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.3.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
rh-eap-docs-0:4.2.0-3.GA_CP03.ep1.5.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5 RHSA-2008:0827 2008-08-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
glassfish-javamail-0:1.4.0-0jpp.ep1.9.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP03.0jpp.ep1.1.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.3.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jbossas-0:4.3.0-2.GA_CP01.ep1.7.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jboss-cache-0:1.4.1-4.SP9.1jpp.ep1.1.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jboss-messaging-0:1.4.0-1.SP3_CP02.0jpp.ep1.6.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jboss-remoting-0:2.2.2-3.SP7.0jpp.ep1.3.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP01.1jpp.ep1.1.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jbossws-0:2.0.1-2.SP2_CP01.0jpp.ep1.2.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.3.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.3.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
jgroups-1:2.4.2-1.GA_CP01.0jpp.ep1.1.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
rh-eap-docs-0:4.3.0-2.GA_CP01.ep1.4.el4 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4 RHSA-2008:0826 2008-08-05T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
asm-0:1.5.3-1jpp.ep1.2.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
cglib-0:2.1.3-2jpp.ep1.6.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
concurrent-0:1.3.4-8jpp.ep1.6.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
glassfish-jsf-0:1.2_08-0jpp.ep1.2.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP03.0jpp.ep1.1.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
hibernate3-annotations-0:3.2.1-1.patch02.1jpp.ep1.3.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
hibernate3-entitymanager-0:3.2.1-1jpp.ep1.7.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jboss-aop-0:1.5.5-1.CP01.0jpp.ep1.1.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jbossas-0:4.3.0-2.GA_CP01.ep1.6.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jboss-cache-0:1.4.1-4.SP9.1jpp.ep1.1.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jboss-messaging-0:1.4.0-1.SP3_CP02.0jpp.ep1.6.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jboss-remoting-0:2.2.2-3.SP7.0jpp.ep1.3.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.5.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP01.1jpp.ep1.1.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jbossws-0:2.0.1-2.SP2_CP01.0jpp.ep1.2.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jbossxb-0:1.0.0-2.SP1.0jpp.ep1.2.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jcommon-0:1.0.12-1jpp.ep1.3.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jfreechart-0:1.0.9-1jpp.ep1.3.el5.1 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
jgroups-1:2.4.2-1.GA_CP01.0jpp.ep1.1.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z
rh-eap-docs-0:4.3.0-2.GA_CP01.ep1.4.el5 cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5 RHSA-2008:0828 2008-08-05T00:00:00Z

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2022-5430 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Github GHSA Github GHSA GHSA-vv6j-5x58-q2c3 Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF)
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://rhn.redhat.com/errata/RHSA-2008-0825.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2008-0826.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2008-0827.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2008-0828.html cve-icon cve-icon
http://secunia.com/advisories/29327 cve-icon cve-icon
http://sunsolve.sun.com/search/document.do?assetkey=1-26-233561-1 cve-icon cve-icon
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html cve-icon cve-icon
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/ cve-icon cve-icon
http://www.securityfocus.com/bid/28192 cve-icon cve-icon
http://www.securitytracker.com/id?1020628 cve-icon cve-icon
http://www.vupen.com/english/advisories/2008/0808/references cve-icon cve-icon
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=437082 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/41081 cve-icon cve-icon
https://jira.jboss.org/jira/browse/JBPAPP-682 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-1285 cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-1285 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T08:17:33.555Z

Reserved: 2008-03-11T00:00:00

Link: CVE-2008-1285

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2008-03-11T17:44:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1285

cve-icon Redhat

Severity : Moderate

Publid Date: 2008-03-11T00:00:00Z

Links: CVE-2008-1285 - Bugzilla

cve-icon OpenCVE Enrichment

No data.