Oracle Portal XSS fixed by CPU July 2008

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052644 漏洞类型
发布时间 2008-07-18 更新时间 2008-07-18
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008070034
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Class: Input Validation Error
Risk: Low
Remote: Yes

Oracle has just released CPU July 2008 critical patch that fixes a flaw 
which allows code injection by malicious web users into the web pages 
viewed by other users.

The security issue was found on POPUP_NAME parameter OF 
PORTAL.WWPOB_HOME_PAGE web page of Oracle Portal.

After months, the patch is now available: 
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujul2008.html


Regards