Vulnerability Details CVE-2003-0624
Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.035
EPSS Ranking 86.9%
CVSS Severity
CVSS v2 Score 4.3
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
- http://marc.info/?l=bugtraq&m=106761926906781&w=2
- http://www.securityfocus.com/bid/8938
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13568
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
- http://marc.info/?l=bugtraq&m=106761926906781&w=2
- http://www.securityfocus.com/bid/8938
- https://exchange.xforce.ibmcloud.com/vulnerabilities/13568
Products affected by CVE-2003-0624
-
cpe:2.3:a:bea:weblogic_server:-
-
cpe:2.3:a:bea:weblogic_server:3.1.8
-
cpe:2.3:a:bea:weblogic_server:4.0
-
cpe:2.3:a:bea:weblogic_server:4.0.4
-
cpe:2.3:a:bea:weblogic_server:4.5
-
cpe:2.3:a:bea:weblogic_server:4.5.1
-
cpe:2.3:a:bea:weblogic_server:4.5.2
-
cpe:2.3:a:bea:weblogic_server:5.1
-
cpe:2.3:a:bea:weblogic_server:6.0
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:7.0.0.1
-
cpe:2.3:a:bea:weblogic_server:8.1