CVE-2016-3438: Cross-site Scripting in Oracle Configurator

3 documents, 3 sources
Severity: 8.2 HIGH (NVD)
EPSS: 0.4% (top 39.91%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Apr 21
Latest update: May 17

Description

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspec

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Exploitability: 2.8 | Impact: 4.7

Affected Packages (1 package)

NVD: oracle/configurator 12.1, 12.2 (+1)

Vulnerability Details (2)

GHSA: GHSA-cxmh-7258-x88w: Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12 (2022-05-17)
CVEList: CVE-2016-3438: Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12 (2016-04-21)