Cross-Site Scripting Vulnerability in GroupSpace Application on BEA WebLogic Portal
CVE-2007-2702

Currently unrated

Key Information:

Vendor: Oracle
Status: Weblogic Portal
Vendor: CVE Published:; 16 May 2007

What is CVE-2007-2702?

The GroupSpace application within BEA WebLogic Portal 9.2 GA is susceptible to a cross-site scripting (XSS) vulnerability. This flaw allows remote authenticated users to inject arbitrary HTML or web script content through unspecified vectors in the rich text editor. This could lead to unauthorized access and manipulation of web application content, presenting significant security risks to affected systems.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/34283

vdb-entryx_refsource_XF

http://secunia.com/advisories/25284

third-party-advisoryx_refsource_SECUNIA

http://osvdb.org/36066

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
May 16, 2007
Vulnerability Reserved
May 15, 2007

Oracle

What is CVE-2007-2702?

References

Timeline