Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability
Feb 28 2010 07:27PM
lament (at) ilhack (dot) org
Yaniv Miron aka "Lament" Advisory Feb 27, 2010
Oracle Siebel 7.x CRM (7.7, 7.8 tested) Cross Site Scripting Vulnerability
Siebel Customer Relationship Management (CRM) Applications
The world's most complete customer relationship management (CRM) solution,
Oracle's Siebel CRM helps organizations differentiate their businesses to
achieve maximum top- and bottom-line growth. It delivers a combination of
transactional, analytical, and engagement features to manage all
customer-facing operations. With solutions tailored to more than 20 industries,
Siebel CRM delivers:
Comprehensive on-premise and on-demand CRM solutions.
Tailored industry solutions.
Role-based customer intelligence and pre-built integration.
An attacker can inject scripts into pages served by the Oracle Siebel CRM
application. Exploitation of this vulnerability results in the execution of
arbitrary script code in the browser of a user who follows a malicious link:
http://example.com/htim_enu/start.swe/?>'"><script>alert('XSS by Lament')</script>
V. DISCLOSURE TIMELINE
Jan 2009 Vulnerability found
Jan 2009 Vendor Notification
Feb 2010 Public Disclosure
Yaniv Miron aka "Lament".
lament (at) ilhack (dot) org
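Added example (not part of the original advisory, and not Oracle's or the author's code): a log check for spotting requests of the kind shown in the advisory's URL, including percent-encoded and double-encoded variants. It assumes Combined Log Format access logs and that Siebel Web Engine requests carry "start.swe" in the path as in the advisory; the sample log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: Siebel Web Engine requests have "start.swe" in the path (per the advisory URL).
SWE_PATH = re.compile(r"/start\.swe", re.IGNORECASE)
# Markup that should never appear in a request URI: an HTML tag, or a quote closing an attribute.
MARKUP = re.compile(r"<\s*/?\s*[a-z!]|[\"']\s*>", re.IGNORECASE)
# Request field of a Combined Log Format line: "METHOD URI HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')

def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%253C) are seen as '<'."""
    for _ in range(max_rounds):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri

def suspicious_swe_requests(log_lines):
    """Return (line_number, decoded_uri) for SWE requests whose URI contains markup."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue  # not a parseable request line
        uri = fully_decode(m.group(1))
        if SWE_PATH.search(uri) and MARKUP.search(uri):
            hits.append((n, uri))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Mar/2010:10:00:01 +0000] "GET /htim_enu/start.swe HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Mar/2010:10:02:17 +0000] "GET /htim_enu/start.swe/'
    '?%3E%27%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4870',
    '192.0.2.44 - - [01/Mar/2010:10:02:40 +0000] "GET /htim_enu/start.swe/'
    '?%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 4870',
    '192.0.2.91 - - [01/Mar/2010:10:05:03 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for line_no, uri in suspicious_swe_requests(SAMPLE_LOG):
        print(f"line {line_no}: {uri}")
```

A hit means the request was sent, not that the script ran; whether the response reflected the input unencoded has to be checked against the application itself.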
Copyright 2010, SecurityFocus