CVE-2007-0275

Name of the Vulnerable Software and Affected Versions Oracle Database versions 9.2.0.8 through 10.2.0.3 Oracle Application Server versions 9.0.4.3 through 10.1.2.2 Oracle Collaboration Suite version 10.1.2 Oracle E-Business Suite and Applications version 11.5.10CU2

Description A cross-site scripting (XSS) issue exists, allowing remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to "rwcgi60". This could potentially lead to unauthorized actions on behalf of the user.

Recommendations For Oracle Database versions 9.2.0.8 through 10.2.0.3, update to a version that includes the fix for this issue. For Oracle Application Server versions 9.0.4.3 through 10.1.2.2, update to a version that includes the fix for this issue. For Oracle Collaboration Suite version 10.1.2, update to a version that includes the fix for this issue. For Oracle E-Business Suite and Applications version 11.5.10CU2, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the "rwcgi60" endpoint to minimize the risk of exploitation. Avoid using the genuser parameter in the affected endpoint until the issue is resolved.