CVE-2003-0733

Опубликовано: 20 окт. 2003

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.

Ссылки

http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
http://www.securityfocus.com/bid/8357
Patch
Vendor Advisory
http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp
http://www.securityfocus.com/bid/8357
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:bea:liquid_data:1.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_integration:2.0:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_integration:7.0:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:5.1:*:*:*:*:*:*:*

cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*

EPSS

Процентиль: 76%

0.00969

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-cfc9-g2p5-76v2

github

больше 3 лет назад