CVE-2007-2702

Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.

CVSS v2.0 3.5 LOW

3.5^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:M/Au:S/C:N/I:P/A:N

Exploitability : 6.8 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://dev2dev.bea.com/pub/advisory/235	Patch Vendor Advisory
http://osvdb.org/36066
http://secunia.com/advisories/25284	Vendor Advisory
http://www.securitytracker.com/id?1018060
http://www.vupen.com/english/advisories/2007/1815
https://exchange.xforce.ibmcloud.com/vulnerabilities/34283

Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:weblogic_portal:9.2:ga:*:*:*:*:*:*

History

No history.

Information

Published : 2007-05-16 01:19

Updated : 2024-02-28 11:01

NVD link : CVE-2007-2702

Mitre link : CVE-2007-2702

CVE.ORG link : CVE-2007-2702

JSON object : View

Products Affected

oracle

weblogic_portal

CWE

NVD-CWE-Other

{"id": "CVE-2007-2702", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2007-05-16T01:19:00.000", "references": [{"url": "http://dev2dev.bea.com/pub/advisory/235", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/36066", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/25284", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1018060", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2007/1815", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34283", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."}, {"lang": "es", "value": "Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en la aplicaci\u00f3n GroupSpace de BEA WebLogic Portal 9.2 GA permite a usuarios remotos autenticados inyectar secuencias de comandos (script) web o HTML de su elecci\u00f3n a trav\u00e9s de vectores sin especificar relacionados con el editor de texto enriquecido."}], "lastModified": "2018-10-30T16:25:28.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:oracle:weblogic_portal:9.2:ga:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B7182B23-E5D5-4913-A11E-8AF727BEE9CD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}