CVE-2025-30746 — Cross-site Scripting in Corporation Oracle Istore

CWE-79 — Cross-site Scripting CWE-352 — Cross-Site Request Forgery4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.0%

top 94.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Corporation Oracle Istore Oracle Istore

Timeline

PublishedJul 15

Description

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDoracle/istore12.2.3 — 12.2.14

▶CVEListV5oracle_corporation/oracle_istore12.2.3 — 12.2.14

Patches

Patch: www.oracle.com ↗

🔴Vulnerability Details

CVEList

CVE-2025-30746: Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart)↗2025-07-15

▶

GHSA

GHSA-27j5-7vqc-pjcg: Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart)↗2025-07-15

▶

📋Vendor Advisories

Oracle

Oracle Oracle E-Business Suite Risk Matrix: Shopping Cart — CVE-2025-30746↗2025-07-15

▶