XSS Vulnerabilities in Oracle Portal by Oracle
CVE-2006-6703

Currently unrated

Key Information:

Vendor
Oracle
Vendor
CVE Published:
23 December 2006

Summary

Multiple cross-site scripting vulnerabilities in Oracle Portal 9i and 10g enable remote attackers to exploit the system by injecting arbitrary JavaScript through the tc parameter in the webapp/jsp/container_tabs.jsp file and other unspecified vectors. This could lead to unauthorized actions carried out on behalf of the victim user, potentially compromising sensitive information.

References

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.