CVE-2007-2119: Cross-site Scripting in Oracle Application Server

3 documents, 3 sources
Severity: 6.8 MEDIUM (NVD)
EPSS: 3.9% (top 11.73%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 18; Latest update May 1

Description

Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (2 packages)

NVD: oracle/database_server: 10.1.0.5, 10.2.0.2, 9.2.0.8 +2
NVD: oracle/application_server: 10.1.2.0.2, 10.1.2.2, 9.0.4.3 +2

Vulnerability Details (2)

GHSA: GHSA-vwmx-h2vf-f56g: Cross-site scripting (XSS) vulnerability in boundary_rules (2022-05-01)
CVEList: CVE-2007-2119: Cross-site scripting (XSS) vulnerability in boundary_rules (2007-04-18)
CVE-2007-2119 — Cross-site Scripting in Oracle | cvebase