Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-1380Cross-site Scripting in Weblogic Server

4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
1.3%
top 20.36%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
BEA Weblogic Server
Timeline
PublishedMay 3
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-mgr3-mhvq-5wc9: Cross-site scripting (XSS) vulnerability in BEA Admin Console 82022-05-01
CVEList
CVE-2005-1380: Cross-site scripting (XSS) vulnerability in BEA Admin Console 82005-05-02

💥Exploits & PoCs

1
Exploit-DB
BEA WebLogic Server 8.1 / WebLogic Express Administration Console - Cross-Site Scripting2005-04-26