CVE-2006-6703

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Oracle10g
Vendor: CVE Published:; 23 December 2006

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.

References

http://www.securityfocus.com/archive/1/455143/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2006/5143

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/21717

vdb-entryx_refsource_BID

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2006
Vulnerability Reserved
Dec 22, 2006