CVE-2008-0866
BEA WebLogic Workshop - Cross-Site Scripting via Invalid Action URI
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Workshop allow remote attackers to inject arbitrary web script or HTML via an invalid action URI, which is not properly handled by NetUI page flows.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019441
Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/258
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29041
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0611
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (1)
bea/weblogic_workshop
8.1 sp2 (4 CPE variants)
Published
Feb 21, 2008
Tracked Since
Feb 18, 2026