Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-3204Cross-site Scripting in Oracle Application Server

4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
20.8%
top 4.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Oracle Application ServerOracle Oracle9i
Timeline
PublishedOct 14
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDoracle/oracle9i44 versions+43
NVDoracle/application_server9 versions+8

Patches

Patch: secunia.comPatch: secunia.com

🔴Vulnerability Details

2
GHSA
GHSA-9fxf-v57m-8m42: Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in2022-05-01
CVEList
CVE-2005-3204: Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in2005-10-14

💥Exploits & PoCs

1
Exploit-DB
Oracle 9 - XML DB Cross-Site Scripting2005-10-07
CVE-2005-3204 — Cross-site Scripting in Oracle | cvebase