Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary web script and steal authentication credentials via (1) a forward instruction to the Servlet container or (2) other vulnerabilities in the WebLogic Server console application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Liquid Data | 1.1 |
| Bea | Weblogic Integration | 2.0 |
| Bea | Weblogic Server | 5.1 |
References
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.js
- http://www.securityfocus.com/bid/8357PatchVendor Advisory
- http://dev2dev.bea.com/resourcelibrary/advisoriesnotifications/SA_BEA03_36.00.js
- http://www.securityfocus.com/bid/8357PatchVendor Advisory
FAQ
What is CVE-2003-0733?
CVE-2003-0733 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integration 7.0 and 2.0, Liquid Data 1.1, and WebLogic Server and Express 5.1 through 7.0, allow remote attackers to execute arbitrary w...
How severe is CVE-2003-0733?
CVE-2003-0733 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0733?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Liquid Data, Bea Weblogic Integration, Bea Weblogic Server.