QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2005-1747

Back to search

CVE-2005-1747

Published: May 24, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.

VendorProductVersions

n/a

n/a

affected
n/a

References

BEA05-80.00
vendor-advisory
x_refsource_BEA
15486
third-party-advisory
x_refsource_SECUNIA
1014049
vdb-entry
x_refsource_SECTRACK
ADV-2005-0607
vdb-entry
x_refsource_VUPEN
13717
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now