6.8
CVE-2007-2119
- EPSS 4.35%
- Veröffentlicht 18.04.2007 18:19:00
- Zuletzt bearbeitet 16.06.2026 22:38:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oracle ≫ Application Server Version9.0.4.3
Oracle ≫ Application Server Version10.1.2.0.2
Oracle ≫ Application Server Version10.1.2.2
Oracle ≫ Database Server Version9.2.0.8
Oracle ≫ Database Server Version10.1.0.5
Oracle ≫ Database Server Version10.2.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.35% | 0.9 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
http://www.securityfocus.com/archive/1/466329/100/200/threaded
http://www.securityfocus.com/bid/23532
http://www.securitytracker.com/id?1017927
http://www.us-cert.gov/cas/techalerts/TA07-108A.html
http://www.vupen.com/english/advisories/2007/1426
http://www.red-database-security.com/advisory/oracle_css_ses.html
http://www.securityfocus.com/archive/1/466156/100/0/threaded