Oracle Portal Container_Tabs.JSP Cross-Site Scripting Vulnerability
BID:21717
Info
| Bugtraq ID: | 21717 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 22 2006 12:00AM |
| Updated: | Jan 02 2007 04:01PM |
| Credit: | putosoft softputo is credited with discovering this issue. |
| Vulnerable: | Oracle Portal 9i; Oracle Portal 10g |
| Not Vulnerable: | |
Discussion
Oracle Portal is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input before returning it to the user.
An attacker can exploit this issue to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
The vulnerability is reported in Oracle Portal versions 9i and 10g.
Exploit / POC
An attacker can exploit this vulnerability via a web client.
The following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Oracle Homepage (Oracle)
- Oracle Applications/Portal 9i/10g Cross Site Scripting (putosoft softputo)