Summary
The login-page of Oracle9i iSQLplus allows the injection of HTML and Javascript code via the username and password parameters.
Description :
The remote host is running a version of the Oracle9i 'isqlplus' CGI which is vulnerable to a cross site scripting issue.
An attacker may exploit this flaw to to steal the cookies of legitimate users on the remote host.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability