CVE-2005-1381
published 2005-05-03CVE-2005-1381: Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1)…
PriorityP430medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
20.19%
97.1th percentile
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Oracle Application Server 9i - Webcache Cache_dump_file Cross-Site Scripting
exploitdb·2005-04-28
CVE-2005-1381 Oracle Application Server 9i - Webcache Cache_dump_file Cross-Site Scripting
Oracle Application Server 9i - Webcache Cache_dump_file Cross-Site Scripting
---
source : https://www.securityfocus.com/bid/13421/info
A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
The issue affects the 'cache_dump_file' parameter of the 'webcacheadmin' script.
http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_replace_file.txtalert(document.cookie);
http://administrator:[email protected]:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_append_file.
Exploit-DB
Oracle Application Server 9i - Webcache PartialPageErrorPage Cross-Site Scripting
exploitdb·2005-04-28
CVE-2005-1381 Oracle Application Server 9i - Webcache PartialPageErrorPage Cross-Site Scripting
Oracle Application Server 9i - Webcache PartialPageErrorPage Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/13422/info
A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
The issue affects the 'PartialPageErrorPage' parameter of the 'webcacheadmin' script.
http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.Site.ApologyPages_Edit&ACTION=Submit&PartialPageErrorPage=/inservice.htmlalert(document.cookie)&site_id=2
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111472423409560&w=2http://secunia.com/advisories/15143http://www.osvdb.org/15910http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.htmlhttp://www.securityfocus.com/bid/13421http://www.securityfocus.com/bid/13422https://exchange.xforce.ibmcloud.com/vulnerabilities/20309http://marc.info/?l=bugtraq&m=111472423409560&w=2http://secunia.com/advisories/15143http://www.osvdb.org/15910http://www.red-database-security.com/advisory/oracle_webcache_CSS_vulnerabilities.htmlhttp://www.securityfocus.com/bid/13421http://www.securityfocus.com/bid/13422https://exchange.xforce.ibmcloud.com/vulnerabilities/20309
2005-05-03
Published