• info
• discussion
• exploit
• solution
• references

Bea WebLogic/Liquid Data Multiple Cross-Site Scripting Vulnerabilities

BEA Systems has reported multiple cross-site scripting vulnerabilities in BEA WebLogic Express/Server, WebLogic Integration and Liquid Data. These issues can be exploited by enticing a legitimate user into following a malicious link to a vulnerable site. HTML and script code included in such a link may be rendered in the web browser of the victim user.

Exploitation could allow for theft of cookie-based authentication credentials or other attacks.