6.8

CVE-2002-1640

Exploit
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleConfigurator Version >= 11.5.6.0.0 <= 11.5.6.16.52
OracleConfigurator Version >= 11.5.7.0.0 <= 11.5.7.17.31
OracleConfigurator Version11i
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.24% 0.915
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://securitytracker.com/id?1003967
Patch
Third Party Advisory
Exploit
VDB Entry
http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html
Patch
http://www.securityfocus.com/bid/4430
Third Party Advisory
Vendor Advisory
VDB Entry
http://www.securityfocus.com/bid/4436
Third Party Advisory
Vendor Advisory
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/8780
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/8781
VDB Entry