CVE-2018-3238
published 2018-10-17
CVE-2018-3238: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is…
Priority P3 40 · medium · 6.9 CVSS 3.0
AV:N AC:L PR:H UI:R S:C C:H I:L A:N
EXPLOIT
EPSS 4.58% (90.5th percentile)
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 6.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | webcenter_sites | — | — |
| oracle_corporation | webcenter_sites | — | — |
CVSS provenance
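| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.9 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N |
| nvd | v2.0 | 4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |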
No detection rules found.
Nuclei
Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
nuclei·CVSS 6.9
CVE-2018-3238 [MEDIUM] Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites.
Template:
```yaml
id: CVE-2018-3238
info:
  name: Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting
  author: leovalcante
  severity: medium
  description: The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middleware is impacted by easily exploitable cross-site scripting vulnerabilities that allow high privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites.
  impact: |
    Successful exploitation of this vulnerabilit
```
Greynoiseio
NoiseLetter October 2025
blogs_greynoiseio
Bugzilla
CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden
bugzilla·2018-09-28·CVSS 6.5
CVE-2018-0504 [MEDIUM] CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden
As reported:
A flaw was found in mediawiki. When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information.
Upstream bug:
https://phabricator.wikimedia.org/T187638
References:
https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html
Discussion:
Created mediawiki tracking bugs for this issue:
Affects: fedora-all [bug 1634170]
---
Updating affected products; mediawiki-123 is the container name, mediawiki123 is the package name.
---
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 3.10
Via RHSA-2019:3238 https://access.redhat.com/errata/RHSA-2019:3238
---
This bug