Oracle Identity Management 'username' Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Oracle Identity Management and is prone to cross site scripting vulnerability.

Impact

Successful exploitation will allow remote attackers to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Update to version 10.1.4.3 or later, http://www.oracle.com/us/products/middleware/identity-management/overview/index.html

Insight

The flaw is due to improper validation of user-supplied input passed to 'username' parameter via POST method through '/usermanagement/forgotpassword/index.jsp' script.

Affected

Oracle Identity Management 10g httpd version 10.1.2.2.0

References

http://cxsecurity.com/issue/WLB-2012100042
http://dl.packetstormsecurity.net/1210-exploits/ZSL-2012-5110.txt
http://www.zeroscience.mk/codes/oim_xss.txt
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5110.php

Updated on 2017-03-28

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Web Server ETag Header Information Disclosure Weakness
Apache Rave User Information Disclosure Vulnerability
A Really Simple Chat Multiple XSS Vulnerabilities
Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
Apache Tomcat Login Constraints Security Bypass Vulnerability

Take action and discover your vulnerabilities