ID CVE-2009-1987
Summary Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.21 allows remote attackers to affect integrity via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:peoplesoft_enterprise:8.49.21
  • cpe:2.3:a:oracle:jd_edwards_enterpriseone:8.49.21
CVSS
Base: 5.0 (as of 15-07-2009 - 11:01)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
nessus via4
NASL family CGI abuses : XSS
NASL id PEOPLESOFT_JMSLCA_ACTIVITY_XSS.NASL
description The remote web server is running an instance of PeopleSoft PeopleTools that fails to sanitize user-supplied input to the 'Activity' parameter on submission to the JMS Listening Connector Administrator interface before using it to generate dynamic HTML output. An attacker may be able to leverage this to inject arbitrary HTML and script code into a user's browser to be executed within the security context of the affected site.
last seen 2019-02-21
modified 2018-08-22
plugin id 42352
published 2009-10-29
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=42352
title PeopleSoft PeopleTools JMS Listening Connector Activity Parameter XSS
refmap via4
bid 35691
confirm http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
osvdb 55909
sectrack 1022566
secunia 35776
vupen ADV-2009-1900
xf oracle-pse-jdee-pepep-unspecified(51769)
Last major update 22-10-2012 - 23:07
Published 14-07-2009 - 19:30
Last modified 16-08-2017 - 21:30