WARNING! Fake news / Disputed / BOGUS

Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP

2006.10.31
Credit: Alexander Kornbrust
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2006-5599
CWE: CWE-Other


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Name Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP Systems Affected Oracle APEX/HTMLDB Severity Medium Risk Category Cross Site Scripting (XSS/CSS) Vendor URL http://www.oracle.com/ Author Alexander Kornbrust (ak at red-database-security.com) Date 18 October 2006 (V 1.00) Advisory http://www.red-database-security.com/advisory/oracle_apex_css_wwv_flow_i tem_help.html Details ####### The package WWV_FLOW_ITEM_HELP contains a cross site scripting vulnerability. Affected Products ################# Oracle APEX/HTMLDB < 2.2.1 Patch Information ################# This bug is fixed with the patch 2.2.1 of APEX which is not part of the Critical Patch Update October 2006. It's necessary to upgrade your APEX/HTMLDB installation to 2.2.1. Patches are currently not available for Oracle Application Express. History ####### 03-oct-2005 Oracle secalert was informed 04-oct-2005 Bug confirmed 17-oct-2006 Oracle published CPU October 2006 18-oct-2006 Red-Database-Security published this advisory Additional Information ###################### An analysis of the Oracle CPU Oct 2006 is available here http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top