Description
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Alexander Kornbrust · textremotewindows
https://www.exploit-db.com/exploits/25546
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/15895
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20276
Exploit, Vendor Advisory x_refsource_misc
http://www.red-database-security.com/advisory/bea_css_in_admin_console.html
Exploit, Vendor Advisory vdb-entry
x_refsource_sectrack
http://securitytracker.com/alerts/2005/Apr/1013817.html
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13400
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15128
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111472745503010&w=2
Scores
EPSS
0.0129
EPSS Percentile
79.7%
Details
Status
published
Products (1)
bea/weblogic_server
8.1 (15 CPE variants)
Published
May 03, 2005
Tracked Since
Feb 18, 2026