Lucene search

[email protected]CVE-2003-0624

HistoryDec 01, 2003 - 5:00 a.m.

CVE-2003-0624

2003-12-0105:00:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2003-0624

cross-site scripting

xss

interactivequery.jsp

bea weblogic 8.1

security vulnerability

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for BEA WebLogic 8.1 and earlier allows remote attackers to inject malicious web script via the person parameter.

CPENameOperatorVersion
bea:weblogic_serverbea weblogic serverle8.1
bea:weblogic_serverbea weblogic servereq3.1.8

CPE	Name	Operator	Version
bea:weblogic_server	bea weblogic server	le	8.1
bea:weblogic_server	bea weblogic server	eq	3.1.8

References

dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.jsp

marc.info/?l=bugtraq&m=106761926906781&w=2

www.securityfocus.com/bid/8938

exchange.xforce.ibmcloud.com/vulnerabilities/13568

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2003-0624

securityvulns1 cvelist1