CVE-2005-3204

Currently unrated

Key Information:

Vendor
Oracle
Status
Oracle9i
Application Server
Vendor
CVE Published:
14 October 2005

Summary

Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.

References

http://securityreason.com/securityalert/66
third-party-advisoryx_refsource_SREASON
http://www.securityfocus.com/bid/15034
vdb-entryx_refsource_BID
http://www.red-database-security.com/advisory/oracle_xmld...
x_refsource_MISC

EPSS Score

38% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.