CVE-2008-0899Cross-site Scripting in Weblogic Server

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 47.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
BEA Weblogic Server
Timeline
PublishedFeb 22
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDbea/weblogic_server4 versions+3

Patches

Patch: dev2dev.bea.comPatch: dev2dev.bea.com

🔴Vulnerability Details

2
GHSA
GHSA-23fq-26rx-3gc4: Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 92022-05-01
CVEList
CVE-2008-0899: Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 92008-02-22
CVE-2008-0899 — Cross-site Scripting in Weblogic Server | cvebase