CVE-2006-7158

3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.6%
top 31.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Oracle Apex
Timeline
PublishedMar 7
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDoracle/apex2.2

Patches

Patch: www.red-database-security.comPatch: www.red-database-security.com

🔴Vulnerability Details

2
GHSA
GHSA-wr25-mjww-qfr9: Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 22022-05-01
CVEList
CVE-2006-7158: Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 22007-03-07
CVE-2006-7158 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io