Oracle : Security Vulnerabilities, CVEs, Published In March 2007 (XSS)
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563.
Max CVSS
4.3
EPSS Score
0.30%
Published
2007-03-22
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
Max CVSS
4.3
EPSS Score
1.16%
Published
2007-03-19
Updated
2018-10-16
Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.
Max CVSS
4.3
EPSS Score
1.75%
Published
2007-03-07
Updated
2018-10-16
3 vulnerabilities found