Multiple Vulnerabilities in Oracle Application Express Affected by Remote Attack Vectors
CVE-2006-5351

Currently unrated

Key Information:

Vendor: Oracle
Status: Apex
Vendor: CVE Published:; 18 October 2006

What is CVE-2006-5351?

Oracle Application Express, previously known as Oracle HTML DB, contains multiple unspecified vulnerabilities that potentially allow remote attackers to exploit the system with unknown impacts. These vulnerabilities include several identifiers associated with cross-site scripting (XSS) risks, specifically within components such as WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, which may lead to unauthorized data exposure or manipulation. Users and administrators are advised to take precautionary measures to safeguard their applications.

References

http://www.red-database-security.com/advisory/oracle_cpu_...

x_refsource_MISC

http://www.securityfocus.com/bid/20588

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/449711/100/0/threaded

vendor-advisoryx_refsource_HP

Timeline

Vulnerability published
Oct 18, 2006
Vulnerability Reserved
Oct 17, 2006