PT-2008-2487 · Apache+1 · Apache Beehive Netui+2
Published
2008-02-21
·
Updated
2011-03-08
·
CVE-2008-0869
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
BEA WebLogic Workshop versions 8.1 through SP6
BEA Workshop for WebLogic versions 9.0 through 10.0
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a
framework defined request parameter when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.Recommendations
For BEA WebLogic Workshop versions 8.1 through SP6, consider restricting access to the framework defined request parameter to minimize the risk of exploitation.
For BEA Workshop for WebLogic versions 9.0 through 10.0, avoid using the framework defined request parameter in the affected page flows until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Beehive Netui
Bea Weblogic Workshop
Bea Workshop For Weblogic