XSS Vulnerabilities in Oracle Portal by Oracle
CVE-2006-6703

Currently unrated

Key Information:

Vendor: Oracle
Status: Oracle9i; Oracle10g
Vendor: CVE Published:; 23 December 2006

Summary

Multiple cross-site scripting vulnerabilities in Oracle Portal 9i and 10g enable remote attackers to exploit the system by injecting arbitrary JavaScript through the tc parameter in the webapp/jsp/container_tabs.jsp file and other unspecified vectors. This could lead to unauthorized actions carried out on behalf of the victim user, potentially compromising sensitive information.

References

http://www.securityfocus.com/archive/1/455143/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.vupen.com/english/advisories/2006/5143

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/21717

vdb-entryx_refsource_BID

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 23, 2006
Vulnerability Reserved
Dec 22, 2006