CVE-2005-4549

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2005-4549
Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://marc.info/?l=full-disclosure&m=113532626203708&w=2
http://securityreason.com/securityalert/298
http://securitytracker.com/id?1015405
http://www.securityfocus.com/bid/16048 Exploit
http://www.vupen.com/english/advisories/2005/3085
http://marc.info/?l=full-disclosure&m=113532626203708&w=2
http://securityreason.com/securityalert/298
http://securitytracker.com/id?1015405
http://www.securityfocus.com/bid/16048 Exploit
http://www.vupen.com/english/advisories/2005/3085
Configurations

Configuration 1 (hide)

cpe:2.3:a:oracle:application_server_discussion_forum_portlet:*:*:*:*:*:*:*:*
History

21 Nov 2024, 00:04

Type Values Removed Values Added
References () http://marc.info/?l=full-disclosure&m=113532626203708&w=2 - () http://marc.info/?l=full-disclosure&m=113532626203708&w=2 -
References () http://securityreason.com/securityalert/298 - () http://securityreason.com/securityalert/298 -
References () http://securitytracker.com/id?1015405 - () http://securitytracker.com/id?1015405 -
References () http://www.securityfocus.com/bid/16048 - Exploit () http://www.securityfocus.com/bid/16048 - Exploit
References () http://www.vupen.com/english/advisories/2005/3085 - () http://www.vupen.com/english/advisories/2005/3085 -
Information

Published : 2005-12-28 11:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-4549

Mitre link : CVE-2005-4549

CVE.ORG link : CVE-2005-4549

JSON object : View

Products Affected

oracle

  • application_server_discussion_forum_portlet
CWE
NVD-CWE-Other