CVSS: 6.8EPSS: 0%CPEs: 42EXPL: 0CVE-2005-4751
https://notcve.org/view.php?id=CVE-2005-4751
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors. • http://dev2dev.bea.com/pub/advisory/139 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052 •
CVSS: 5.0EPSS: 0%CPEs: 24EXPL: 0CVE-2005-4753
https://notcve.org/view.php?id=CVE-2005-4753
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection. • http://dev2dev.bea.com/pub/advisory/143 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052 •
CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0CVE-2005-4756
https://notcve.org/view.php?id=CVE-2005-4756
BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges. • http://dev2dev.bea.com/pub/advisory/146 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052 •
CVSS: 7.5EPSS: 0%CPEs: 20EXPL: 0CVE-2005-4757
https://notcve.org/view.php?id=CVE-2005-4757
BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections. • http://dev2dev.bea.com/pub/advisory/147 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2005-4759
https://notcve.org/view.php?id=CVE-2005-4759
BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages. • http://dev2dev.bea.com/pub/advisory/149 http://secunia.com/advisories/17138 http://www.securityfocus.com/bid/15052 •