ID CVE-2005-2379
Summary Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
References
Vulnerable Configurations
  • Oracle Oracle Reports 9.0.2
    cpe:2.3:a:oracle:reports:9.0.2
CVSS
Base: 4.3 (as of 27-07-2005 - 14:30)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
refmap via4
bugtraq 20050719 Oracle Security Advisory: Various Cross-Site-Scripting Oracle Reports
misc http://www.red-database-security.com/advisory/oracle_reports_various_css.html
Last major update 17-10-2016 - 23:26
Published 26-07-2005 - 00:00
Back to Top