Description
Cross-site scripting (XSS) vulnerability in the Administration Console for BEA Tuxedo 8.1 and earlier allows remote attackers to inject arbitrary web script via the INIFILE argument.
Affected products
- bea / tuxedo6.3 – 6.3
- bea / tuxedo6.4 – 6.4
- bea / tuxedo6.5 – 6.5
- bea / tuxedo7.1 – 7.1
- bea / tuxedo8.0 – 8.0
- bea / tuxedo8.1 – 8.1
- bea / weblogic_server4.2 – 4.2
- bea / weblogic_server5.0.1 – 5.0.1
- bea / weblogic_server5.1 – 5.1