Description

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

Remediation

References

CVE-2004-1877

Related Vulnerabilities

WordPress Plugin wpDataTables-WordPress Data Table, Dynamic Tables & Table Charts Cross-Site Scripting (2.1.49)

Roundcube Improper Access Control Vulnerability (CVE-2016-9920)

MySQL CVE-2021-2076 Vulnerability (CVE-2021-2076)

Moodle Other Vulnerability (CVE-2006-0147)

WordPress Plugin Calendar by WD-Responsive Event Calendar for WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.3.0)

Severity

Low

Classification

CVE-2004-1877

Tags

Missing Update Known Vulnerabilities