PT-2018-13794 · Oracle · Oracle Webcenter Interaction Portal

Ben N

Published

2018-09-18

Updated

2018-11-09

CVE-2018-16955

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Interaction Portal version 10.3.3

Description The login function is susceptible to reflected cross-site scripting (XSS) due to the unsafe reflection of the content of the in hi redirect parameter in an HTML META tag in the HTTP response, specifically when the parameter is prefixed with the https:// scheme.

Recommendations For Oracle WebCenter Interaction Portal version 10.3.3, as a temporary workaround, consider restricting the use of the in hi redirect parameter in the login function until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-16955

Affected Products

Oracle Webcenter Interaction Portal

PT-2018-13794 · Oracle · Oracle Webcenter Interaction Portal

CVE-2018-16955

Weakness Enumeration

Related Identifiers

Affected Products

References · 4