CVE-2003-0624

BEA WebLogic <8.1 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Corsaire Limited · textwebappsjsp

https://www.exploit-db.com/exploits/23315

View Code ZIP pw:eip

References (4)

[Patch, Vendor Advisory] http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp

[Mailing List] http://marc.info/?l=bugtraq&m=106761926906781&w=2

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/8938

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/13568

Scores

EPSS 0.0346

EPSS Percentile 87.4%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

bea/weblogic_server < 8.1

bea/weblogic_server

Timeline

Published Dec 01, 2003

Tracked Since Feb 18, 2026