Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1968 — Cross-site Scripting in Oracle Database Server

4 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

31.8%

top 3.19%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Oracle Database Server

Timeline

PublishedJul 14

Latest updateMay 2

Description

Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDoracle/database_server10.1.8.3

Patches

Patch: www.vupen.com ↗Patch: www.vupen.com ↗

🔴Vulnerability Details

GHSA

GHSA-7q88-4hj3-987c: Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10↗2022-05-02

▶

CVEList

CVE-2009-1968: Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10↗2009-07-14

▶

💥Exploits & PoCs

Exploit-DB

Oracle 10g Secure Enterprise Search - 'search_p_groups' Cross-Site Scripting↗2009-06-14

▶