Back to search
CVE-2007-0275
Published: Jan 17, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20070117 [ISecAuditors Security Advisories] Oracle Reports Web Cartridge (RWCGI60) vulnerable to XSS
mailing-list
x_refsource_BUGTRAQ
23794
third-party-advisory
x_refsource_SECUNIA
22083
vdb-entry
x_refsource_BID
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
x_refsource_CONFIRM
TA07-017A
third-party-advisory
x_refsource_CERT
oracle-cpu-jan2007(31541)
vdb-entry
x_refsource_XF
1017522
vdb-entry
x_refsource_SECTRACK
32906
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now