Summary
This host is running Oracle Identity Management and is prone to a cross-site scripting vulnerability.
Impact
Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site.
Impact Level: Application
Solution
Update to version 10.1.4.3 or later:
http://www.oracle.com/us/products/middleware/identity-management/overview/index.html
Insight
The flaw is due to improper validation of user-supplied input passed in the 'username' parameter via the POST method to the '/usermanagement/forgotpassword/index.jsp' script.
Affected
Oracle Identity Management 10g httpd version 10.1.2.2.0
Severity
Classification
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N