• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Oracle Configurator Text Features User-Embedded Scripting Vulnerability

An issue has been discovered in Oracle Configurator, which may allow users to execute script as the web host.

Oracle fails to properly filter malicious HTML tags and script from text input boxes, as a result, a host using Text Features and the DHTML user interface are subject to this issue. Script code submitted by the end user will execute within the context of the vulnerable page.