Lucene search
MitreCVE-2008-0902HistoryFeb 22, 2008 - 9:44 p.m.
CVE-2008-0902
2008-02-2221:44:00
CWE-79
mitre
web.nvd.nist.gov
22
cve-2008-0902
bea weblogic server
xss
cross-site scripting
html injection
security vulnerability
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.005
Percentile
75.8%
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 6.1 through 10.0 MP1 allow remote attackers to inject arbitrary web script or HTML via unspecified samples. NOTE: this might be the same issue as CVE-2007-2694.
Affected configurations
Node
beaweblogic_serverMatch6.1
ORbeaweblogic_serverMatch6.1sp1
ORbeaweblogic_serverMatch6.1sp2
ORbeaweblogic_serverMatch6.1sp3
ORbeaweblogic_serverMatch6.1sp4
ORbeaweblogic_serverMatch6.1sp5
ORbeaweblogic_serverMatch6.1sp6
ORbeaweblogic_serverMatch6.1sp7
ORbeaweblogic_serverMatch7.0
ORbeaweblogic_serverMatch7.0sp1
ORbeaweblogic_serverMatch7.0sp2
ORbeaweblogic_serverMatch7.0sp3
ORbeaweblogic_serverMatch7.0sp4
ORbeaweblogic_serverMatch7.0sp5
ORbeaweblogic_serverMatch7.0sp6
ORbeaweblogic_serverMatch7.0sp7
ORbeaweblogic_serverMatch8.1
ORbeaweblogic_serverMatch8.1sp1
ORbeaweblogic_serverMatch8.1sp2
ORbeaweblogic_serverMatch8.1sp3
ORbeaweblogic_serverMatch8.1sp4
ORbeaweblogic_serverMatch8.1sp5
ORbeaweblogic_serverMatch8.1sp6
ORbeaweblogic_serverMatch9.0ga
ORbeaweblogic_serverMatch9.1ga
ORbeaweblogic_serverMatch10.0
ORbea_systemsweblogic_serverMatch10.0_mp1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:* |
| bea | weblogic_server | 6.1 | cpe:2.3:a:bea:weblogic_server:6.1:sp7:*:*:*:*:*:* |
| bea | weblogic_server | 7.0 | cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:* |
| bea | weblogic_server | 7.0 | cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:* |
Related
prion
prion
Cross site scripting
2008-02-22 21:44:00
Cross site scripting
2007-05-16 01:19:00
nvd
nvd
CVE-2008-0902
2008-02-22 21:44:00
CVE-2007-2694
2007-05-16 01:19:00
cvelist
cvelist
CVE-2008-0902
2008-02-22 21:00:00
CVE-2007-2694
2007-05-16 01:00:00
cve
cve
CVE-2007-2694
2007-05-16 01:19:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.005
Percentile
75.8%
Related for CVE-2008-0902