CVE-2002-1640

Currently unrated

Key Information:

Vendor: Oracle
Status: Configurator
Vendor: CVE Published:; 1 April 2002

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/8781

vdb-entryx_refsource_XF

http://securitytracker.com/id?1003967

vdb-entryx_refsource_SECTRACK

http://www.oracle.com/technology//deploy/security/htdocs/...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Mar 28, 2005
Vulnerability published
Apr 1, 2002