CVE-2006-7158

Currently unrated

Key Information:

Vendor: Oracle
Status: Apex
Vendor: CVE Published:; 7 March 2007

Summary

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.

References

http://www.red-database-security.com/advisory/oracle_apex...

x_refsource_MISC

http://securityreason.com/securityalert/2382

third-party-advisoryx_refsource_SREASON

https://exchange.xforce.ibmcloud.com/vulnerabilities/30107

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 7, 2007
Vulnerability Reserved
Mar 7, 2007