Reflected Cross-Site Scripting Vulnerability in Oracle WebCenter Interaction Portal
CVE-2018-16953
6.1 MEDIUM
Summary
The AjaxView::DisplayResponse() function in the portalpages.dll assembly of Oracle WebCenter Interaction Portal 10.3.3 is susceptible to reflected cross-site scripting (XSS). User input from the 'name' parameter is reflected back in the server's response without proper encoding or sanitization. As a result, an attacker could exploit this vulnerability to execute arbitrary scripts in the context of an authenticated user, potentially leading to unauthorized actions and data leakage. This version is out of support, which may complicate remediation efforts.
CVSS V3.1
Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed