CVE-2002-2347Cross-site Scripting in Oracle Application Server

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 41.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Application Server
Timeline
PublishedDec 31
Latest updateApr 30

Description

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDoracle/application_server4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-jfx5-q9mv-5m59: Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser2022-04-30
CVEList
CVE-2002-2347: Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser2007-10-29