Description

Cross-site scripting (XSS) vulnerability in axis2-admin/axis2-admin/engagingglobally in the administration console in Apache Axis2/Java 1.4.1, 1.5.1, and possibly other versions, as used in SAP Business Objects 12, 3com IMC, and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the modules parameter. NOTE: some of these details are obtained from third party information.

Remediation

References

http://osvdb.org/64844

http://secunia.com/advisories/39906

http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf

http://www.exploit-db.com/exploits/12689

http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr10-03

http://www.securityfocus.com/archive/1/511404/100/0/threaded

http://www.securityfocus.com/bid/40327

http://www.vupen.com/english/advisories/2010/1215

https://exchange.xforce.ibmcloud.com/vulnerabilities/58790

https://kb.juniper.net/KB27373

Related Vulnerabilities

CVE-2023-29520 Vulnerability in maven package org.xwiki.platform:xwiki-platform-localization-source-wiki

CVE-2022-35204 Vulnerability in npm package vite

CVE-2023-48796 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-alert-server

CVE-2023-31103 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2023-52079 Vulnerability in npm package msgpackr

Severity

Critical

Classification

CWE-79

Tags

Exploit Vendor Advisory