Description
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.
Remediation
References
Related Vulnerabilities
Grafana Improper Authentication Vulnerability (CVE-2022-39229)
WordPress Plugin Advanced ads Management by Inazo Cross-Site Scripting (1.3)
WordPress Plugin Agent Storm by StormRETS Multiple Cross-Site Scripting Vulnerabilities (1.1.35)
Ruby Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-2065)