6 matches found
Design/Logic Flaw
BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources...
CVE-2007-2702
CVE-2007-2702 describes a cross-site scripting (XSS) vulnerability in the GroupSpace component of BEA WebLogic Portal 9.2 GA. The root cause is an XSS flaw related to the rich text editor, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. The conn...
CVE-2007-2702
Cross-site scripting XSS vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor...
CVE-2007-0423
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact...
Code injection
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact...
CVE-2007-0423
BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be "inadvertently affected," which has an unknown impact...