CVE-2008-0899

Name of the Vulnerable Software and Affected Versions BEA WebLogic Server and Express versions 9.0 through 10.0

Description A cross-site scripting (XSS) issue exists due to improper handling of URLs by the Unexpected Exception Page in the Administration Console. This allows remote attackers to inject arbitrary web script or HTML.

Recommendations For versions 9.0 through 10.0, consider restricting access to the Administration Console to minimize the risk of exploitation. As a temporary workaround, avoid using URLs that may trigger the Unexpected Exception Page until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.