|
|
|||
| Rule General Information |
|---|
| Release Date: | 2021-03-26 | |
| Rule Name: | Oracle Application Server Portal Cross Site Scripting Vulnerability | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | A cross-site scripting vulnerability exists in Oracle Application Server Portal. The flaw is due to lack of validation of the user supplied input data. The flaw may be exploited by malicious users to execute arbitrary HTML code on target user's web browser, within the context of a trusted web site. An attack targeting this vulnerability can result in the injection and execution of script code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. | |
| Impact: | An attacker can conduct a cross-site scripting attack to inject malicious client-side scripts into web pages viewed by other users, or to bypass access controls such as the same-origin policy, if affected version is installed. | |
| Affected OS: | Windows, Linux, Others | |
| Reference: | ||
| Solutions |
|---|
| Please contact the software vendor to update the software patch. |