Jump to content
Aerosol

Oracle.com Cross Site Scripting

By Aerosol, in Exploituri

Recommended Posts

Aerosol Newbie

Aerosol

Posted
Posted

  • Threat Level: High
  • Severity: High
  • CVSS Severity Score: 7.0

Impact Type: Complete confidentiality, integrity and availability violation. [2]

Vulnerability:

  • (1) Filtration Bypass.
  • (3) Unauthenticated Cross Site scripting vulnerabilities.

Description

A malicious user could get unsuspecting visitors into divulging their credentials, to force a redirection to a

heterogeneous third-party website, or to execute malicious code, on behalf of the attacker. An attacker can also

fold malicious content into the content being delivered to visitors on the site.

In this attack “Visitor -> Vendor” trust-levels are directly impacted, since the vendor’s website, and associated

services , and products have high levels of trust by default.

Read more: http://dl.packetstormsecurity.net/1501-advisories/Oracle_Website_Vulnerabilities119.pdf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...