Japan Vulnerability NotesJVN:93431860JVN#93431860 Oracle WebLogic Server vulnerable to cross-site scripting
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%
Oracle WebLogic Server is an application server based on Java Platform Enterprise Edition 5 (JavaEE5). Oracle WebLogic Server contains a cross-site scripting vulnerability.
Impact
An arbitrary script may be executed on the userβs web browser.
Solution
Update the Software
Apply the latest updates provided by the vendor.
For more information, refer to the vendorβs web site.
Products Affected
- Oracle WebLogic Server 10.3
- Oracle WebLogic Server 10.0 MP1
- Oracle WebLogic Server 9.2 MP3
- Oracle WebLogic Server 9.1
- Oracle WebLogic Server 9.0
- Oracle WebLogic Server 8.1 SP6
- Oracle WebLogic Server 7.0 SP7
For more information, refer to the vendorβs website.
Related
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.5%