CVE-2005-1747 — Cross-site Scripting in Weblogic Server

3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

2.7%

top 14.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

BEA Weblogic Server Oracle Weblogic Portal

Timeline

PublishedMay 24

Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obt…

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶NVDbea/weblogic_server5 versions+4

▶NVDoracle/weblogic_portal8.0

🔴Vulnerability Details

GHSA

GHSA-9h5j-cj9r-xxcp: Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8↗2022-05-01

▶

CVEList

CVE-2005-1747: Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8↗2005-05-24

▶