Cross-Site Scripting Vulnerability in Oracle Portal 10g
CVE-2007-1506

Currently unrated

Key Information:

Vendor

Oracle
Status
Application Server Portal
Vendor
CVE Published:
19 March 2007

What is CVE-2007-1506?

A cross-site scripting (XSS) vulnerability exists in the Oracle Portal where malicious actors can exploit the 'PORTAL.wwv_main.render_warning_screen' function. This issue arises from the improper handling of user input, specifically through the parameters 'p_oldurl' and 'p_newurl.' By manipulating these parameters, attackers can inject arbitrary web scripts or HTML content. This vulnerability poses significant risks, allowing unauthorized access to sensitive information and the potential for further attacks within the user's session.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/463012/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://securityreason.com/securityalert/2463
third-party-advisoryx_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/33028
vdb-entryx_refsource_XF

EPSS Score

18% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.