CVE-2018-16953

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Interaction Portal version 10.3.3

Description The issue concerns a reflected cross-site scripting (XSS) problem. Specifically, user input from the name parameter is unsafely reflected in the server response by the AjaxView::DisplayResponse() function of the portalpages.dll assembly.

Recommendations For Oracle WebCenter Interaction Portal version 10.3.3, consider restricting the use of the AjaxView::DisplayResponse() function until a resolution is available. Avoid using the name parameter in affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.