Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
Software | From | Fixed in |
---|---|---|
bea / weblogic_server | 8.1 | 8.1.x |
bea / weblogic_server | 8.1-sp1 | 8.1-sp1.x |
bea / weblogic_server | 8.1-sp2 | 8.1-sp2.x |
bea / weblogic_server | 8.1-sp3 | 8.1-sp3.x |
bea / weblogic_server | 8.1-sp4 | 8.1-sp4.x |