exploitDog

CVE-2006-7158

Опубликовано: 07 мар. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.

Комментарий

This vulnerability is addressed in the following product update: http://www.oracle.com/technology/products/database/application_express/download.html

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:apex:*:*:*:*:*:*:*:*

Версия до 2.2 (включая)

EPSS

Процентиль: 71%

0.00661

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-wr25-mjww-qfr9

github

почти 4 года назад

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.

EPSS

Процентиль: 71%

0.00661

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other