Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Oracle Database Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2007-0275 - Vulnerability Database
Oracle Database Server

Oracle Database Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2007-0275

Low
Reference: CVE-2007-0275
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2007-0275
Title: Oracle Database Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component as used in Oracle Database 9.2.0.8 10.1.0.5 and 10.2.0.3 Application Server 9.0.4.3 10.1.2.0.2 and 10.1.2.2 Collaboration Suite 10.1.2 and Oracle E-Business Suite and Applications 11.5.10CU2 allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60 aka OWF01.