CVE-2002-1636 — Cross-site Scripting in Oracle Application Server

3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 47.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server

Timeline

PublishedDec 31

Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/application_server1.0.2

🔴Vulnerability Details

GHSA

GHSA-6jvf-9896-2hgg: Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary↗2022-04-30

▶

CVEList

CVE-2002-1636: Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary↗2005-03-28

▶