CVE-2008-0899
BEA WebLogic Server 9.0-10.0 - Cross-Site Scripting via Unexpected Exception Page
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019448
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29041
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0612/references
Patch vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/269
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (4)
bea/weblogic_server
9.0
bea/weblogic_server
9.1
bea/weblogic_server
9.2 (2 CPE variants)
bea/weblogic_server
10.0
Published
Feb 22, 2008
Tracked Since
Feb 18, 2026