CVE-2005-4751

BEA WebLogic Server/Express <9.0-8.1 SP4 & <7.0 SP6 & <6.1 SP7 - XSS

Title source: llm
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.

References (3)

Core 3
Core References
Patch, Vendor Advisory vendor-advisory x_refsource_bea
http://dev2dev.bea.com/pub/advisory/139
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15052
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17138

Scores

EPSS 0.0121
EPSS Percentile 79.3%

Details

Status published
Products (4)
bea/weblogic_server 6.1 (16 CPE variants)
bea/weblogic_server 7.0 (14 CPE variants)
bea/weblogic_server 8.1 (10 CPE variants)
bea/weblogic_server 9.0 (2 CPE variants)
Published Dec 31, 2005
Tracked Since Feb 18, 2026