PT-2018-13794 · Oracle · Oracle Webcenter Interaction Portal

Ben N

Publicado

2018-09-18

Atualizado

2018-11-09

CVE-2018-16955

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Interaction Portal version 10.3.3

Description The login function is susceptible to reflected cross-site scripting (XSS) due to the unsafe reflection of the content of the in hi redirect parameter in an HTML META tag in the HTTP response, specifically when the parameter is prefixed with the https:// scheme.

Recommendations For Oracle WebCenter Interaction Portal version 10.3.3, as a temporary workaround, consider restricting the use of the in hi redirect parameter in the login function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-16955

Produtos afetados

Oracle Webcenter Interaction Portal

PT-2018-13794 · Oracle · Oracle Webcenter Interaction Portal

CVE-2018-16955

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4