Cross-Site Scripting Vulnerabilities in Oracle HTML DB by Oracle
CVE-2005-3202

Currently unrated

Key Information:

Vendor: Oracle
Status: Html Db
Vendor: CVE Published:; 14 October 2005

What is CVE-2005-3202?

Multiple cross-site scripting vulnerabilities exist in Oracle HTML DB (versions 1.3 through 1.3.6). These vulnerabilities allow remote attackers to inject arbitrary web scripts or HTML code via the parameters 'p' or 'p_t02'. Successful exploitation may enable attackers to execute unauthorized SQL statements, thereby compromising the integrity of the database and potentially exposing sensitive data.

References

http://www.red-database-security.com/advisory/oracle_html...

x_refsource_MISC

http://www.osvdb.org/20052

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/62

third-party-advisoryx_refsource_SREASON

EPSS Score

11% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2005
Vulnerability Reserved
Oct 14, 2005