Oracle · Oracle Reports Server · CVE-2005-0873
**Name of the Vulnerable Software and Affected Versions**
Oracle Reports Server version 9.0.4.3.3
**Description**
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the `desname` or `repprod` parameters in the test.jsp file.
**Recommendations**
For Oracle Reports Server version 9.0.4.3.3, as a temporary workaround, consider restricting access to the test.jsp file until a patch is available. Avoid using the `desname` and `repprod` parameters in the affected file until the issue is resolved.