CVE-2008-0899

BEA Weblogic Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Administration Console in BEA WebLogic Server and Express 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via URLs that are not properly handled by the Unexpected Exception Page.

References (4)

[Patch] http://dev2dev.bea.com/pub/advisory/269

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019448

[Third Party Advisory] http://secunia.com/advisories/29041

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/0612/references

Scores

EPSS 0.0029

EPSS Percentile 51.6%

Classification

CWE

CWE-79

Status draft

Affected Products (5)

bea/weblogic_server

Timeline

Published Feb 22, 2008

Tracked Since Feb 18, 2026