CVE-2003-0623Cross-site Scripting in Tuxedo

3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 32.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
BEA TuxedoBEA Weblogic Server
Timeline
PublishedDec 1
Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDbea/tuxedo6 versions+5
NVDbea/weblogic_server4.2, 5.0.1, 5.1+2

Patches

Patch: dev2dev.bea.comPatch: www.securityfocus.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-48ww-7fpq-xhw8: Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 82022-04-29
CVEList
CVE-2003-0623: Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 82003-11-05
CVE-2003-0623 — Cross-site Scripting in BEA Tuxedo | cvebase