Cross-Site Scripting Vulnerability in Oracle Application Express
CVE-2006-5599

Currently unrated

Key Information:

Vendor: Oracle
Status: Apex
Vendor: CVE Published:; 28 October 2006

What is CVE-2006-5599?

A cross-site scripting (XSS) vulnerability exists in Oracle Application Express, allowing remote attackers to inject arbitrary HTML or web scripts via the WWV_FLOW_ITEM_HELP package. This flaw can lead to unauthorized actions being executed in the context of users visiting affected applications, thus posing significant security risks. It has been indicated that this issue may overlap with other vulnerabilities identified within the same timeframe. Oracle's October 2006 critical patch update is believed to address this vulnerability.

References

http://securityreason.com/securityalert/1792

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/449500/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.red-database-security.com/advisory/oracle_apex...

x_refsource_MISC

Timeline

Vulnerability published
Oct 28, 2006
Vulnerability Reserved
Oct 27, 2006