Vulnerability Details CVE-2008-0902
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.8%
CVSS Severity
CVSS v2 Score 4.3
References
Products affected by CVE-2008-0902
-
cpe:2.3:a:bea:weblogic_server:10.0
-
cpe:2.3:a:bea:weblogic_server:6.1
-
cpe:2.3:a:bea:weblogic_server:7.0
-
cpe:2.3:a:bea:weblogic_server:8.1
-
cpe:2.3:a:bea:weblogic_server:9.0
-
cpe:2.3:a:bea:weblogic_server:9.1
-
cpe:2.3:a:bea_systems:weblogic_server:10.0_mp1