6.8

CVE-2007-2119

Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleApplication Server Version9.0.4.3
OracleApplication Server Version10.1.2.0.2
OracleApplication Server Version10.1.2.2
OracleDatabase Server Version9.2.0.8
OracleDatabase Server Version10.1.0.5
OracleDatabase Server Version10.2.0.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.35% 0.9
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
http://www.securityfocus.com/archive/1/466329/100/200/threaded
http://www.securityfocus.com/bid/23532
http://www.securitytracker.com/id?1017927
http://www.us-cert.gov/cas/techalerts/TA07-108A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/1426
http://www.red-database-security.com/advisory/oracle_css_ses.html
http://www.securityfocus.com/archive/1/466156/100/0/threaded