CVE-2007-2702 - Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA

CVE-2007-2702

Summary

Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.

References

http://dev2dev.bea.com/pub/advisory/235
http://osvdb.org/36066
http://secunia.com/advisories/25284
http://www.securitytracker.com/id?1018060
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34283

Vulnerable Configurations

cpe:2.3:a:oracle:weblogic_portal:9.2:ga:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_portal:9.2:ga:*:*:*:*:*:*

CVSS

Base:	3.5 (as of 30-10-2018 - 16:25)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:N/I:P/A:N

refmap via4

bea	BEA07-166.00
osvdb	36066
sectrack	1018060
secunia	25284
vupen	ADV-2007-1815
xf	weblogic-portal-groupspace-xss(34283)

Last major update

30-10-2018 - 16:25

Published

16-05-2007 - 01:19

Last modified

30-10-2018 - 16:25