Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NApache Axis
APPApache1.0 – 1.4Debian
OSDebian9.0Oracle Agile Engineering Data Management
APPOracle6.2.1.0Oracle Agile Product Lifecycle Management
APPOracle9.3.3Oracle Application Testing Suite
APPOracle13.2.0.113.3.0.1Oracle Big Data Discovery
APPOracle1.6Oracle Communications Asap Cartridges
APPOracle7.27.3Oracle Communications Design Studio
APPOracle7.3.4.3.07.3.5.5.07.4.0.4.07.4.1.1.0Oracle Communications Element Manager
APPOracle8.0.08.1.08.1.18.2.0Oracle Communications Network Integrity
APPOracle7.3.57.3.6Oracle Communications Order And Service Management
APPOracle7.3.0.0.07.4Oracle Communications Session Report Manager
APPOracle8.0.08.1.08.1.18.2.0Oracle Communications Session Route Manager
APPOracle8.0.08.1.08.1.18.2.0Oracle Endeca Information Discovery Studio
APPOracle3.2.0Oracle Enterprise Manager Base Platform
APPOracle12.1.0.513.3.0.0Oracle Enterprise Manager For Fusion Middleware
APPOracle12.1.0.5Oracle Financial Services Analytical Applications Infrastructure
APPOracle7.3.3 – 7.3.58.0.0 – 8.0.8Oracle Financial Services Compliance Regulatory Reporting
APPOracle8.0.6 – 8.0.8Oracle Financial Services Funds Transfer Pricing
APPOracle8.0.2 – 8.0.7Oracle Flexcube Core Banking
APPOracle11.10.011.7.011.8.011.9.0Oracle Flexcube Private Banking
APPOracle12.0.012.1.0Oracle Hospitality Guest Access
APPOracle4.2.04.2.1Oracle Instantis Enterprisetrack
APPOracle17.117.217.3Oracle Internet Directory
APPOracle12.2.1.3.012.2.1.4.0Oracle Knowledge
APPOracle8.6.0 – 8.6.3Oracle Peoplesoft Enterprise Human Capital Management Human Resources
APPOracle9.2Oracle Peoplesoft Enterprise Peopletools
APPOracle8.568.578.58Oracle Policy Automation Connector For Siebel
APPOracle10.4.6Oracle Primavera Gateway
APPOracle16.2.1117.12.6Oracle Primavera Unifier
APPOracle16.116.218.819.1217.7 – 17.12
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References
Related vulnerabilities
CVE-2026-35273CRITICAL9.8⚠ KEVPL ✓ten sam produkt
Pominięcie uwierzytelnienia w Oracle PeopleSoft PeopleTools (RCE/Takeover)
CVE-2026-24061CRITICAL9.8⚠ KEVPL ✓ten sam produkt
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
CVE-2025-49113CRITICAL9.9⚠ KEVPL ✓ten sam produkt
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
CVE-2025-32433CRITICAL10.0⚠ KEVPL ✓ten sam produkt
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)