VYPR
Unrated severityNVD Advisory· Published Feb 21, 2008· Updated Jun 16, 2026

CVE-2008-0869

CVE-2008-0869

Description

Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 through SP6 and Workshop for WebLogic 9.0 through 10.0 allows remote attackers to inject arbitrary web script or HTML via a "framework defined request parameter" when using WebLogic Workshop or Apache Beehive NetUI framework with page flows.

Affected products

10
  • cpe:2.3:a:bea_systems:weblogic:10.0:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:bea_systems:weblogic:10.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_server:9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:bea:weblogic_workshop:8.1:sp2:*:*:*:*:*:*+ 5 more
    • cpe:2.3:a:bea:weblogic_workshop:8.1:sp2:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_workshop:8.1:sp3:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_workshop:8.1:sp4:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_workshop:8.1:sp5:*:*:*:*:*:*
    • cpe:2.3:a:bea:weblogic_workshop:8.1:sp6:*:*:*:*:*:*
    • (no CPE)range: 8.1 through SP6

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.