Cross-Site Scripting Vulnerability in Oracle Portal 10g
CVE-2007-1506

Currently unrated

Key Information:

Vendor: Oracle

CVE Published: 19 March 2007

What is CVE-2007-1506?

A cross-site scripting (XSS) vulnerability exists in Oracle Portal, in the 'PORTAL.wwv_main.render_warning_screen' function. The issue arises from improper handling of user input, specifically in the 'p_oldurl' and 'p_newurl' parameters. By manipulating these parameters, attackers can inject arbitrary web script or HTML content. This vulnerability poses significant risks, allowing unauthorized access to sensitive information and the potential for further attacks within the user's session.

EPSS Score

11% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
