PT-2007-2897 · Oracle · Oracle Portal 10G

Sea Shark

Published

2007-03-19

Updated

2018-10-16

CVE-2007-1506

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Oracle Portal 10g

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the p oldurl and p newurl parameters in the PORTAL.wwv main.render warning screen function.

Recommendations For Oracle Portal 10g, as a temporary workaround, consider restricting access to the PORTAL.wwv main.render warning screen function until a patch is available. Avoid using the p oldurl and p newurl parameters in this function until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-1506

Affected Products

Oracle Portal 10G

PT-2007-2897 · Oracle · Oracle Portal 10G

CVE-2007-1506

Related Identifiers

Affected Products

References · 7