Cross Site Scripting In Bea Admin Console

Full Version: Cross Site Scripting In Bea Admin Console

GovernmentSecurity.org > General GSO > Exploit & Vulnerability Mailing List Archives

qcred11

Apr 28 2005, 06:55 PM

QUOTE

Name Cross Site Scripting in BEA Admin Console
Systems Affected BEA Admin Console 8.1
Severity Low Risk
Category Cross Site Scripting (CSS/XSS)
Vendor URL http://www.bea.com
Author Alexander Kornbrust
Date 28 Apr 2005

Details
One input field in the BEA Admin console is not properly checked. This causes a cross site scripting vulnerability.

Workarounds
None.

Example
http://server:8001/console/actions/jndi/Jn...2CType%3DServer

Source: http://seclists.org/lists/bugtraq/2005/Apr/0492.html

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.