CVE-2005-3202

Currently unrated

Key Information:

Vendor: Oracle
Status: Html Db
Vendor: CVE Published:; 14 October 2005

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.

References

http://www.red-database-security.com/advisory/oracle_html...

x_refsource_MISC

http://www.osvdb.org/20052

vdb-entryx_refsource_OSVDB

http://securityreason.com/securityalert/62

third-party-advisoryx_refsource_SREASON

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Oct 14, 2005
Vulnerability Reserved
Oct 14, 2005