cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2007-2702,https://securityvulnerability.io/vulnerability/CVE-2007-2702,,Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.,Oracle,Weblogic Portal,,,0.001230000052601099,false,,false,false,false,,,false,false,,2007-05-16T01:00:00.000Z,0
CVE-2007-2703,https://securityvulnerability.io/vulnerability/CVE-2007-2703,,"BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if an administrator provides a long role description, which might allow remote authenticated users to access privileged resources.",Oracle,Weblogic Portal,,,0.0010900000343099236,false,,false,false,false,,,false,false,,2007-05-16T01:00:00.000Z,0
CVE-2007-0423,https://securityvulnerability.io/vulnerability/CVE-2007-0423,,"BEA WebLogic Portal 9.2 does not properly handle when an administrator deletes entitlements for a role, which causes other role entitlements to be ""inadvertently affected,"" which has an unknown impact.",Oracle,Weblogic Portal,,,0.0011500000255182385,false,,false,false,false,,,false,false,,2007-01-23T00:00:00.000Z,0
CVE-2007-0426,https://securityvulnerability.io/vulnerability/CVE-2007-0426,,"BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered environment using WebLogic Portal entitlements, does not properly propagate entitlement policy changes if the changes are made on a managed server while the Administrative Server is unavailable, which might allow attackers to bypass intended restrictions.",Oracle,Weblogic Portal,,,0.0063299997709691525,false,,false,false,false,,,false,false,,2007-01-23T00:00:00.000Z,0
CVE-2006-1358,https://securityvulnerability.io/vulnerability/CVE-2006-1358,,"Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes a JSR-168 Portlet to be retrieved from the cache for the wrong session, which might allow one user to see a Portlet of another user.",Oracle,Weblogic Portal,,,0.00394000019878149,false,,false,false,false,,,false,false,,2006-03-22T02:00:00.000Z,0
CVE-2006-0428,https://securityvulnerability.io/vulnerability/CVE-2006-0428,,"Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs.",Oracle,Weblogic Portal,,,0.018230000510811806,false,,false,false,false,,,false,false,,2006-01-25T23:00:00.000Z,0
CVE-2006-0423,https://securityvulnerability.io/vulnerability/CVE-2006-0423,,"BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges.",Oracle,Weblogic Portal,,,0.010049999691545963,false,,false,false,false,,,false,false,,2006-01-25T23:00:00.000Z,0
CVE-2006-0425,https://securityvulnerability.io/vulnerability/CVE-2006-0425,,BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors.,Oracle,Weblogic Portal,,,0.022040000185370445,false,,false,false,false,,,false,false,,2006-01-25T23:00:00.000Z,0
CVE-2005-2680,https://securityvulnerability.io/vulnerability/CVE-2005-2680,,"Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.",Oracle,Weblogic Portal,,,0.0022700000554323196,false,,false,false,false,,,false,false,,2005-08-23T04:00:00.000Z,0