Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.
Software | From | Fixed in |
---|---|---|
bea / weblogic_server | 9.0 | 9.0.x |
bea / weblogic_server | 9.1 | 9.1.x |
bea / weblogic_server | 9.2 | 9.2.x |
bea / weblogic_workshop | 8.1-sp2 | 8.1-sp2.x |
bea / weblogic_workshop | 8.1-sp3 | 8.1-sp3.x |
bea / weblogic_workshop | 8.1-sp4 | 8.1-sp4.x |
bea / weblogic_workshop | 8.1-sp5 | 8.1-sp5.x |
bea / weblogic_workshop | 8.1-sp6 | 8.1-sp6.x |
bea_systems / weblogic | 10.0 | 10.0.x |