Oracle Application Server DMS Cross Site Scripting Vulnerability

Oracle Application Server DMS Cross Site Scripting Vulnerability

Oracle Application Server is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability to inject HTML and script code into the browser of an unsuspecting victim. The attacker may then steal cookie-based authentication credentials and launch other attacks.

Oracle Application Server version 10g Release 2 (10.1.2) is vulnerable to this issue.