QwikSec

Security Database

CVE

CWE

Training

CVE-2008-2603

Published: Jul 15, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

Unspecified vulnerability in the Resource Manager component in Oracle Database 10.1.0.5, 10.2.0.4, and 11.1.0.6, and Database Control in Enterprise Manager, has unknown impact and remote authenticated attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this is a cross-site scripting (XSS) issue that allows remote attackers to inject arbitrary web script or HTML via the REFRESHCHOICE parameter in multiple web pages.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.oracle.com/technetwork/topics/security/cpujul2008-090335.html

x_refsource_CONFIRM

vdb-entry

x_refsource_VUPEN

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_HP

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

20080804 Team SHATTER Security Advisory: Cross-site scripting in Oracle Enterprise Manager (REFRESHCHOICE Parameter)

mailing-list

x_refsource_BUGTRAQ

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.