Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 up to and including 10.0 allows remote malicious users to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
bea weblogic workshop 8.1 |
||
bea weblogic server 9.2 |
||
bea weblogic server 9.0 |
||
bea weblogic server 9.1 |
||
bea systems weblogic 10.0 |