|
|
CVE Reference: CVE-2007-2119 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-2119 |
|
|
Description: Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01. |
|
|
CVE Status: Candidate |
|
|
References: ST 1017927 MISC http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html http://www.red-database-security.com/advisory/oracle_css_ses.html HP http://www.securityfocus.com/archive/1/archive/1/466329/100/200/threaded CONFIRM http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html CERT http://www.us-cert.gov/cas/techalerts/TA07-108A.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/466156/100/0/threaded BID 23532 |
|
| Return to the previous page. |
