Description
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Corsaire Limited · textwebappsjsp
https://www.exploit-db.com/exploits/23315
References (4)
Core 4
Core References
Patch, Vendor Advisory x_refsource_misc
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/8938
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/13568
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=106761926906781&w=2
Scores
EPSS
0.0346
EPSS Percentile
87.6%
Details
CWE
CWE-79
Status
published
Products (2)
bea/weblogic_server
3.1.8
bea/weblogic_server
< 8.1
Published
Dec 01, 2003
Tracked Since
Feb 18, 2026