11 lines
No EOL
705 B
Text
11 lines
No EOL
705 B
Text
source: https://www.securityfocus.com/bid/15031/info
|
|
|
|
Oracle HTML DB is prone to cross-site scripting vulnerabilities.
|
|
|
|
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site.
|
|
|
|
An attacker can leverage these issues to execute SQL statements in the context of an affected user as well.
|
|
|
|
These issues was originally described and addressed in Oracle Critical Patch Update - April 2005, BID 13139 (Oracle Multiple Vulnerabilities). Due to the availability of more information, these issues are being assigned a separate BID.
|
|
|
|
http://www.example.com/pls/otn/f?p=4500:alert(document.cookie);59:3239664590547916206 |