PT-2005-3293 · Oracle · Oracle Reports

Alexander Kornbrust · Published 2005-07-26 · Updated 2016-10-18 · CVE-2005-2379

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Oracle Reports version 9.0.2

Description

Multiple cross-site scripting (XSS) vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via several parameters, including the debug parameter to showenv, the test parameter to parsequery, or the delimiter or CELLWRAPPER parameter to rwservlet.

Recommendations

For Oracle Reports version 9.0.2, consider disabling the showenv, parsequery, and rwservlet functions until a patch is available, to prevent exploitation through the debug, test, delimiter, and CELLWRAPPER parameters. Restrict access to these parameters to minimize the risk of XSS attacks.
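
While the functions remain reachable, web server access logs can be reviewed for markup arriving in the parameters named above. The following is an added example, not part of the original advisory or any Oracle tooling; the URL layout, the log format and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint -> parameters named in the advisory (compared case-insensitively).
WATCHED = {
    "showenv": {"debug"},
    "parsequery": {"test"},
    "rwservlet": {"delimiter", "cellwrapper"},
}
MARKUP = re.compile(r"[<>\"']")  # characters that can break out into HTML
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (assumed URL layout), not data from the advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Jul/2005:10:00:01 +0000] "GET /reports/rwservlet/showenv?debug=1 HTTP/1.1" 200 512',
    '192.0.2.44 - - [26/Jul/2005:10:00:07 +0000] "GET /reports/rwservlet/showenv?debug=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 530',
    '192.0.2.44 - - [26/Jul/2005:10:00:09 +0000] "GET /reports/rwservlet?report=a.rdf&CELLWRAPPER=%2522%253E HTTP/1.1" 200 90',
    '192.0.2.10 - - [26/Jul/2005:10:00:12 +0000] "GET /reports/rwservlet?report=a.rdf&delimiter=%2C HTTP/1.1" 200 90',
]


def flag_params(url):
    """Return (endpoint, param) pairs where a watched parameter holds markup."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.lower().split("/") if s]
    endpoint = segments[-1] if segments else ""
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double encoding.
        if name.lower() in WATCHED.get(endpoint, ()) and MARKUP.search(unquote(value)):
            hits.append((endpoint, name.lower()))
    return hits


def scan(lines):
    """Return (line_number, endpoint, param) for each suspicious request."""
    findings = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            findings.extend((number, *hit) for hit in flag_params(match.group(1)))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Hits are triage leads rather than confirmed injections, since a quote character can also appear in a legitimate delimiter or cell-wrapper value.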


Related identifiers

CVE-2005-2379

Affected products

Oracle Reports