Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
References
Link | Resource |
---|---|
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp | |
http://www.securityfocus.com/bid/8357 | Patch Vendor Advisory |
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp | |
http://www.securityfocus.com/bid/8357 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:45
Type | Values Removed | Values Added |
---|---|---|
References | () http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp - | |
References | () http://www.securityfocus.com/bid/8357 - Patch, Vendor Advisory |
Information
Published : 2003-10-20 04:00
Updated : 2024-11-20 23:45
NVD link : CVE-2003-0733
Mitre link : CVE-2003-0733
CVE.ORG link : CVE-2003-0733
JSON object : View
Products Affected
bea
- weblogic_integration
- liquid_data
- weblogic_server
CWE