PT-2005-1106 · Bea+1 · Bea Admin Console+1

Alexander Kornbrust

Published

2005-05-02

Updated

2017-07-11

CVE-2005-1380

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BEA Admin Console version 8.1 Oracle WebLogic Server Admin Console (affected versions not specified)

Description The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to execute arbitrary web script or HTML. This is due to the failure to neutralize script-related HTML tags on a web page. The vulnerability can be exploited by a remote attacker to perform cross-site scripting attacks.

Recommendations For BEA Admin Console version 8.1, update the software to a version that includes a fix for this issue. For Oracle WebLogic Server Admin Console, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-80

Related Identifiers

BDU:2021-04402

CVE-2005-1380

Affected Products

Bea Admin Console

Oracle Weblogic Server Admin Console

PT-2005-1106 · Bea+1 · Bea Admin Console+1

CVE-2005-1380

Weakness Enumeration

Related Identifiers

Affected Products

References · 13