CVE-2005-4751: XSS
First published: Sat Dec 31 2005(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =9.0 | |
| Oracle WebLogic Server | =6.1-sp6 | |
| Oracle WebLogic Server | =7.0-sp4 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =6.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp7 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp6 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =6.1-sp6 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp2 | |
| Oracle WebLogic Server | =7.0-sp3 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =7.0-sp5 | |
| Oracle WebLogic Server | =6.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =9.0 | |
| Oracle WebLogic Server | =8.1-sp3 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =6.1 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =6.1-sp5 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =6.1-sp3 | |
| Oracle WebLogic Server | =7.0-sp1 | |
| Oracle WebLogic Server | =8.1-sp4 | |
| Oracle WebLogic Server | =6.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =6.1-sp7 | |
| Oracle WebLogic Server | =7.0 | |
| Oracle WebLogic Server | =7.0-sp6 | |
| Oracle WebLogic Server | =7.0-sp4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/8.1
- version/oracle weblogic server/7.0-sp2
- version/oracle weblogic server/6.1-sp4
- version/oracle weblogic server/6.1
- version/oracle weblogic server/6.1-sp5
- version/oracle weblogic server/9.0
- version/oracle weblogic server/6.1-sp6
- version/oracle weblogic server/7.0-sp4
- version/oracle weblogic server/6.1-sp1
- version/oracle weblogic server/7.0
- version/oracle weblogic server/6.1-sp7
- version/oracle weblogic server/6.1-sp3
- version/oracle weblogic server/7.0-sp6
- version/oracle weblogic server/7.0-sp3
- version/oracle weblogic server/8.1-sp3
- version/oracle weblogic server/8.1-sp4
- version/oracle weblogic server/7.0-sp5
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp2
- version/oracle weblogic server/6.1-sp2
- version/oracle weblogic server/7.0-sp1