Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 00:25
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/32906 - | |
References | () http://secunia.com/advisories/23794 - Patch, Vendor Advisory | |
References | () http://securitytracker.com/id?1017522 - | |
References | () http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html - | |
References | () http://www.securityfocus.com/archive/1/457193/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/22083 - | |
References | () http://www.us-cert.gov/cas/techalerts/TA07-017A.html - US Government Resource | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/31541 - |
Information
Published : 2007-01-17 02:28
Updated : 2024-11-21 00:25
NVD link : CVE-2007-0275
Mitre link : CVE-2007-0275
CVE.ORG link : CVE-2007-0275
JSON object : View
Products Affected
oracle
- database_server
- e-business_suite
- application_server
- collaboration_suite
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')