Oracle Supply Chain Products Suite CVE-2014-0371 Multiple Cross Site Scripting Vulnerabilities

Oracle Supply Chain Products Suite is prone to multiple cross-site scripting vulnerabilities in Oracle Demantra Demand Management.

The vulnerability can be exploited over the 'HTTP' protocol. The 'DM Others' sub component is affected.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

This vulnerability affects the following supported versions:
7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, 12.2.2


 

Privacy Statement
Copyright 2010, SecurityFocus