Cross-Site Scripting Vulnerabilities in Oracle Configurator by Oracle
CVE-2002-1640

Currently unrated

Key Information:

Vendor: Oracle
Status: Configurator
Vendor: CVE Published:; 1 April 2002

What is CVE-2002-1640?

Oracle Configurator prior to versions 11.5.7.17.32 and 11.5.6.16.53 contains multiple cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web scripts or HTML. Attackers can exploit this weakness via text features in the DHTML user interface or through malicious input to the oracle.apps.cz.servlet.UiServlet servlet, potentially compromising user data and the integrity of web sessions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/8781

vdb-entryx_refsource_XF

http://securitytracker.com/id?1003967

vdb-entryx_refsource_SECTRACK

http://www.oracle.com/technology//deploy/security/htdocs/...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Mar 28, 2005
Vulnerability published
Apr 1, 2002