CVE-2008-0869

Name of the Vulnerable Software and Affected Versions BEA WebLogic Workshop versions 8.1 through SP6 BEA Workshop for WebLogic versions 9.0 through 10.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a framework defined request parameter when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.

Recommendations For BEA WebLogic Workshop versions 8.1 through SP6, consider restricting access to the framework defined request parameter to minimize the risk of exploitation. For BEA Workshop for WebLogic versions 9.0 through 10.0, avoid using the framework defined request parameter in the affected page flows until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.