CVSS: 6.1EPSS: 3%CPEs: 2EXPL: 2CVE-2003-0624 – BEA WebLogic 6/7/8 - InteractiveQuery.jsp Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2003-0624
05 Nov 2003 — Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. Vulnerabilidad de scripts en sitios cruzados en Interactive.jsp de BEA WebLogic 8.1 y anteriores permite a atacantes remotos inyectar script web malicioso mediante el parámetro person. • https://www.exploit-db.com/exploits/23315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 1%CPEs: 5EXPL: 0CVE-2003-0733
https://notcve.org/view.php?id=CVE-2003-0733
04 Sep 2003 — Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp •
CVSS: 5.9EPSS: 0%CPEs: 40EXPL: 0CVE-2002-1030
https://notcve.org/view.php?id=CVE-2002-1030
04 Oct 2002 — Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html •
CVSS: 8.2EPSS: 0%CPEs: 14EXPL: 0CVE-2000-1238
https://notcve.org/view.php?id=CVE-2000-1238
31 Dec 2000 — BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. • ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2000-0682
https://notcve.org/view.php?id=CVE-2000-0682
13 Oct 2000 — BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. • http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html •
CVSS: 7.5EPSS: 0%CPEs: 15EXPL: 0CVE-2000-0683
https://notcve.org/view.php?id=CVE-2000-0683
13 Oct 2000 — BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. • http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html •
CVSS: 7.5EPSS: 5%CPEs: 8EXPL: 2CVE-2000-0500 – BEA Systems WebLogic Express 3.1.8/4/5 - Source Code Disclosure
https://notcve.org/view.php?id=CVE-2000-0500
21 Jun 2000 — The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. • https://www.exploit-db.com/exploits/20027 •