Oracle Application Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2002-2347 - Vulnerability Database

Oracle Application Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2002-2347

Medium
Reference: CVE-2002-2347
Title: Oracle Application Server Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2 1.0.2.2 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.