CVE-2005-3205Cross-site Scripting in Oracle Database Server

CWE-79Cross-site Scripting5 documents5 sources
Severity
3.5LOWNVD
EPSS
0.5%
top 35.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Database Server
Timeline
PublishedOct 14
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-hvq8-4qq3-c3ww: Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 92022-05-01
CVEList
CVE-2005-3205: Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 92005-10-14

📋Vendor Advisories

1
Red Hat
squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)2011-08-28

💬Community

1
Bugzilla
CVE-2011-3205 squid: buffer overflow flaw in Squid's Gopher reply parser (SQUID-2011:3)2011-08-30
CVE-2005-3205 — Cross-site Scripting in Oracle | cvebase