Oracle

Application Server Discussion Forum Portlet

2 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2005-4549

Exploit
  • EPSS 0.95%
  • Published 28.12.2005 11:03:00
  • Last modified 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3)...

5

CVE-2005-4550

Exploit
  • EPSS 53.48%
  • Published 28.12.2005 11:03:00
  • Last modified 03.04.2025 01:03:51

The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).