ID CVE-2002-1640
Summary Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allow remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:configurator:11.5.6.16.27:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.6.16.36:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.6.16.38:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.6.16.39:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.6.16.45:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.6.16.47:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.6.16.49:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.6.16.52:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.7.17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.7.17.13:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.7.17.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.7.17.16:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.7.17.17:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.7.17.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11.5.7.17.31:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:configurator:11i:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 26-09-2018 - 16:04)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
bid
  • 4430
  • 4436
confirm http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html
sectrack 1003967
xf
  • oracle-configurator-dhtml-css(8780)
  • oracle-configurator-uiservlet-css(8781)
Last major update 26-09-2018 - 16:04
Published 01-04-2002 - 05:00
Last modified 26-09-2018 - 16:04