{"api_version":"1","generated_at":"2026-04-23T12:34:01+00:00","cve":"CVE-2007-2702","urls":{"html":"https://cve.report/CVE-2007-2702","api":"https://cve.report/api/cve/CVE-2007-2702.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2007-2702","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2007-2702"},"summary":{"title":"CVE-2007-2702","description":"Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.","state":"PUBLISHED","assigner":"mitre","published_at":"2007-05-16 01:19:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"3.5","severity":"","vector":"AV:N/AC:M/Au:S/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://dev2dev.bea.com/pub/advisory/235","name":"http://dev2dev.bea.com/pub/advisory/235","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Cross-site scripting attacks in the WebLogic Portal Groupspace application","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34283","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34283","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1018060","name":"http://www.securitytracker.com/id?1018060","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"WebLogic Portal Input Validation Hole Permits Cross-Site Scripting Attacks and Entitlement Bug Lets Remote Users Access Resources - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/25284","name":"http://secunia.com/advisories/25284","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"BEA Products Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/36066","name":"http://osvdb.org/36066","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.vupen.com/english/advisories/2007/1815","name":"http://www.vupen.com/english/advisories/2007/1815","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2007-2702","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2007-2702","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2007","cve_id":"2702","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"weblogic_portal","cpe6":"9.2","cpe7":"ga","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T13:49:57.174Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"weblogic-portal-groupspace-xss(34283)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"},{"name":"25284","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/25284"},{"name":"36066","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/36066"},{"name":"BEA07-166.00","tags":["vendor-advisory","x_refsource_BEA","x_transferred"],"url":"http://dev2dev.bea.com/pub/advisory/235"},{"name":"1018060","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id?1018060"},{"name":"ADV-2007-1815","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2007/1815"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2007-05-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"weblogic-portal-groupspace-xss(34283)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"},{"name":"25284","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/25284"},{"name":"36066","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/36066"},{"name":"BEA07-166.00","tags":["vendor-advisory","x_refsource_BEA"],"url":"http://dev2dev.bea.com/pub/advisory/235"},{"name":"1018060","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id?1018060"},{"name":"ADV-2007-1815","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2007/1815"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2007-2702","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"weblogic-portal-groupspace-xss(34283)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/34283"},{"name":"25284","refsource":"SECUNIA","url":"http://secunia.com/advisories/25284"},{"name":"36066","refsource":"OSVDB","url":"http://osvdb.org/36066"},{"name":"BEA07-166.00","refsource":"BEA","url":"http://dev2dev.bea.com/pub/advisory/235"},{"name":"1018060","refsource":"SECTRACK","url":"http://www.securitytracker.com/id?1018060"},{"name":"ADV-2007-1815","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2007/1815"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2007-2702","datePublished":"2007-05-16T01:00:00.000Z","dateReserved":"2007-05-15T00:00:00.000Z","dateUpdated":"2024-08-07T13:49:57.174Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2007-05-16 01:19:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:weblogic_portal:9.2:ga:*:*:*:*:*:*","matchCriteriaId":"B7182B23-E5D5-4913-A11E-8AF727BEE9CD"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2007","CveId":"2702","Ordinal":"1","Title":"CVE-2007-2702","CVE":"CVE-2007-2702","Year":"2007"},"notes":[{"CveYear":"2007","CveId":"2702","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the GroupSpace application in BEA WebLogic Portal 9.2 GA allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the rich text editor.","Type":"Description","Title":"CVE-2007-2702"},{"CveYear":"2007","CveId":"2702","Ordinal":"2","NoteData":"2007-05-15","Type":"Other","Title":"Published"},{"CveYear":"2007","CveId":"2702","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}