CVE-2020-14582

Name of the Vulnerable Software and Affected Versions Oracle iStore versions 12.1.1 through 12.1.3 Oracle iStore versions 12.2.3 through 12.2.9

Description The issue is related to the User Registration component of Oracle iStore, which fails to protect the web page structure. This can be exploited by a remote attacker to perform a cross-site scripting attack. Successful attacks may significantly impact additional products and can result in unauthorized access to critical data, as well as unauthorized update, insert, or delete access to some Oracle iStore accessible data.

Recommendations For versions 12.1.1 through 12.1.3, update to a version that includes the fix for this issue. For versions 12.2.3 through 12.2.9, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the User Registration component until a patch is available.