Cross-site Scripting Vulnerability in Oracle Application Express
CVE-2006-7158

Currently unrated

Key Information:

Vendor: Oracle
Status: Apex
Vendor: CVE Published:; 7 March 2007

What is CVE-2006-7158?

A cross-site scripting vulnerability has been identified in Oracle Application Express (APEX) versions prior to 2.2.1. This flaw allows remote attackers to exploit the NOTIFICATION_MSG parameter, enabling them to inject arbitrary web scripts or HTML. The security flaw poses significant risks as it may allow attackers to execute malicious scripts in the context of the victim's browser, potentially leading to data theft or unauthorized actions.

References

http://www.red-database-security.com/advisory/oracle_apex...

x_refsource_MISC

http://securityreason.com/securityalert/2382

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/30107

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 7, 2007
Vulnerability Reserved
Mar 7, 2007