{"api_version":"1","generated_at":"2026-04-23T02:57:13+00:00","cve":"CVE-2008-4485","urls":{"html":"https://cve.report/CVE-2008-4485","api":"https://cve.report/api/cve/CVE-2008-4485.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-4485","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-4485"},"summary":{"title":"CVE-2008-4485","description":"Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-10-08 02:00:01","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.vupen.com/english/advisories/2008/2739","name":"http://www.vupen.com/english/advisories/2008/2739","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.bluecoat.com/support/securityadvisories/icap_patience","name":"http://www.bluecoat.com/support/securityadvisories/icap_patience","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Cross-site scripting vulnerability in ICAP patience page","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/32122","name":"http://secunia.com/advisories/32122","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Blue Coat SGOS ICAP Patience Page Cross-Site Scripting Vulnerability - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1020979","name":"http://www.securitytracker.com/id?1020979","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityTracker.com Archives - Blue Coat ProxySG Input Validation Hole in ICAP Patience Page Permits Cross-Site Scripting Attacks","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/4367","name":"http://securityreason.com/securityalert/4367","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CXSecurity - IDS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45625","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45625","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=122210321731789&w=2","name":"http://marc.info/?l=bugtraq&m=122210321731789&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'Blue Coat xss' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://marc.info/?l=bugtraq&m=122298544725313&w=2","name":"http://marc.info/?l=bugtraq&m=122298544725313&w=2","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"'Re: Blue Coat xss' - MARC","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/31543","name":"http://www.securityfocus.com/bid/31543","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Blue Coat WebFilter ICAP Patience Page Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-4485","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-4485","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"4485","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"security_gateway_os","cpe6":"4.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"4485","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"security_gateway_os","cpe6":"5.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"4485","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"bluecoat","cpe5":"security_gateway_os","cpe6":"5.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T10:17:09.716Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"bluecoat-sgos-icap-patience-xss(45625)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45625"},{"name":"20081002 Re: Blue Coat xss","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=122298544725313&w=2"},{"name":"31543","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/31543"},{"name":"32122","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/32122"},{"name":"1020979","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1020979"},{"name":"ADV-2008-2739","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2008/2739"},{"name":"4367","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/4367"},{"name":"20080921 Blue Coat xss","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://marc.info/?l=bugtraq&m=122210321731789&w=2"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.bluecoat.com/support/securityadvisories/icap_patience"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-09-29T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-07T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"bluecoat-sgos-icap-patience-xss(45625)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45625"},{"name":"20081002 Re: Blue Coat xss","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=122298544725313&w=2"},{"name":"31543","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/31543"},{"name":"32122","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/32122"},{"name":"1020979","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1020979"},{"name":"ADV-2008-2739","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2008/2739"},{"name":"4367","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/4367"},{"name":"20080921 Blue Coat xss","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://marc.info/?l=bugtraq&m=122210321731789&w=2"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.bluecoat.com/support/securityadvisories/icap_patience"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-4485","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"bluecoat-sgos-icap-patience-xss(45625)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/45625"},{"name":"20081002 Re: Blue Coat xss","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=122298544725313&w=2"},{"name":"31543","refsource":"BID","url":"http://www.securityfocus.com/bid/31543"},{"name":"32122","refsource":"SECUNIA","url":"http://secunia.com/advisories/32122"},{"name":"1020979","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1020979"},{"name":"ADV-2008-2739","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2008/2739"},{"name":"4367","refsource":"SREASON","url":"http://securityreason.com/securityalert/4367"},{"name":"20080921 Blue Coat xss","refsource":"BUGTRAQ","url":"http://marc.info/?l=bugtraq&m=122210321731789&w=2"},{"name":"http://www.bluecoat.com/support/securityadvisories/icap_patience","refsource":"CONFIRM","url":"http://www.bluecoat.com/support/securityadvisories/icap_patience"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-4485","datePublished":"2008-10-08T01:00:00.000Z","dateReserved":"2008-10-07T00:00:00.000Z","dateUpdated":"2024-08-07T10:17:09.716Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-10-08 02:00:01","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:bluecoat:security_gateway_os:4.2:*:*:*:*:*:*:*","matchCriteriaId":"9B860118-690A-4370-9E21-8B286861A4FC"},{"vulnerable":true,"criteria":"cpe:2.3:o:bluecoat:security_gateway_os:5.2:*:*:*:*:*:*:*","matchCriteriaId":"ACE4A2CE-430E-47E5-82FA-2D607B603C47"},{"vulnerable":true,"criteria":"cpe:2.3:o:bluecoat:security_gateway_os:5.3:*:*:*:*:*:*:*","matchCriteriaId":"5B382A8B-4EC6-4EA4-A718-A7165D5F9566"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"4485","Ordinal":"1","Title":"CVE-2008-4485","CVE":"CVE-2008-4485","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"4485","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.","Type":"Description","Title":"CVE-2008-4485"},{"CveYear":"2008","CveId":"4485","Ordinal":"2","NoteData":"2008-10-07","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"4485","Ordinal":"3","NoteData":"2017-08-07","Type":"Other","Title":"Modified"}]}}}