CVE-2006-5599

3 documents3 sources
Severity
4.3MEDIUM
EPSS
1.2%
top 20.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Apex
Timeline
PublishedOct 28
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDoracle/apex2.2

Patches

Patch: www.oracle.comPatch: www.red-database-security.comPatch: www.us-cert.gov

🔴Vulnerability Details

2
GHSA
GHSA-39jf-7hvq-h87f: Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 22022-05-01
CVEList
CVE-2006-5599: Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 22006-10-28
CVE-2006-5599 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io