CVE-2003-0733Cross-site Scripting in Liquid Data

3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
1.0%
top 23.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
BEA Liquid DataBEA Weblogic IntegrationBEA Weblogic Server
Timeline
PublishedOct 20
Latest updateApr 29

Description

Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

NVDbea/weblogic_server5.1, 7.0+1
NVDbea/weblogic_integration2.0, 7.0+1

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-cfc9-g2p5-76v2: Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 72022-04-29
CVEList
CVE-2003-0733: Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 72003-09-04
CVE-2003-0733 — Cross-site Scripting in BEA Liquid Data | cvebase