Description
Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.
Exploits (1)
exploitdb
WORKING POC
by Richard Brain · textwebappsmultiple
https://www.exploit-db.com/exploits/12689
References (10)
Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/58790
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39906
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/12689
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/KB27373
Exploit x_refsource_misc
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03
Various Sources x_refsource_misc
http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1215
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40327
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511404/100/0/threaded
Exploit vdb-entry
x_refsource_osvdb
http://osvdb.org/64844
Scores
EPSS
0.2690
EPSS Percentile
96.4%
Details
CWE
CWE-79
Status
published
Products (3)
apache/axis2
1.4.1
apache/axis2
1.5.1
org.apache.axis2.wso2/axis2
1.4.1 - 1.6.0Maven
Published
May 27, 2010
Tracked Since
Feb 18, 2026