Page 5 of 27 results (0.012 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 2

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter. Vulnerabilidad de scripts en sitios cruzados en Interactive.jsp de BEA WebLogic 8.1 y anteriores permite a atacantes remotos inyectar script web malicioso mediante el parámetro person. • https://www.exploit-db.com/exploits/23315 http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp http://marc.info/?l=bugtraq&m=106761926906781&w=2 http://www.securityfocus.com/bid/8938 https://exchange.xforce.ibmcloud.com/vulnerabilities/13568 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0

Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application. • http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp http://www.securityfocus.com/bid/8357 •

CVSS: 2.6EPSS: 0%CPEs: 40EXPL: 0

Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections. • http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm http://online.securityfocus.com/archive/1/281046 http://www.iss.net/security_center/static/9486.php http://www.securityfocus.com/bid/5159 •

CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0

BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. • ftp://ftpna.bea.com/pub/releases/patches/SecurityBEA00-0600.zip http://www.securityfocus.com/bid/5089 https://exchange.xforce.ibmcloud.com/vulnerabilities/5588 •

CVSS: 5.0EPSS: 0%CPEs: 15EXPL: 0

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. • http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html http://developer.bea.com/alerts/security_000731.html http://www.osvdb.org/1481 http://www.securityfocus.com/bid/1518 •