Описание
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
Ссылки
- ExploitPatchThird Party AdvisoryVDB Entry
- Patch
- Third Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB EntryVendor Advisory
- VDB Entry
- VDB Entry
- ExploitPatchThird Party AdvisoryVDB Entry
- Patch
- Third Party AdvisoryVDB EntryVendor Advisory
- Third Party AdvisoryVDB EntryVendor Advisory
- VDB Entry
- VDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 11.5.6.0.0 (включая) до 11.5.6.16.52 (включая)Версия от 11.5.7.0.0 (включая) до 11.5.7.17.31 (включая)
Одно из
cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:configurator:11i:*:*:*:*:*:*:*
EPSS
Процентиль: 81%
0.0152
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
EPSS
Процентиль: 81%
0.0152
Низкий
6.8 Medium
CVSS2
Дефекты
NVD-CWE-Other