cbcvebase.
CVE-2008-0869
published 2008-02-21

CVE-2008-0869: Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject…

PriorityP414medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.06%
60.6th percentile
Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.

Affected

5 ranges
VendorProductVersion rangeFixed in
beaweblogic_server
beaweblogic_server
beaweblogic_server
beaweblogic_workshop
bea_systemsweblogic
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.