CVE-2008-0866

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:bea:weblogic_workshop:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_workshop:8.1:sp3:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_workshop:8.1:sp4:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_workshop:8.1:sp5:*:*:*:*:*:*

History

No history.

Information

Published : 2008-02-21 01:44

Updated : 2024-02-04 17:13


NVD link : CVE-2008-0866

Mitre link : CVE-2008-0866

CVE.ORG link : CVE-2008-0866


JSON object : View

Products Affected

bea

  • weblogic_workshop
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')