Lucene search

[email protected]CVE-2005-3204

HistoryOct 14, 2005 - 10:02 a.m.

CVE-2005-3204

2005-10-1410:02:00

[email protected]

web.nvd.nist.gov

cve-2005-3204

cross-site scripting

xss

oracle xml db 9ir2

nvd

7.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.068 Low

EPSS

Percentile

93.9%

JSON

Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.

Affected configurations

NVD

Node

oracleapplication_serverMatch9.0.2

oracleapplication_serverMatch9.0.2.0.0

oracleapplication_serverMatch9.0.2.0.1

oracleapplication_serverMatch9.0.2.1

oracleapplication_serverMatch9.0.2.2

oracleapplication_serverMatch9.0.2.3

oracleapplication_serverMatch9.0.3

oracleapplication_serverMatch9.0.3.1

oracleapplication_serverMatch9.2.0.6

oracleoracle9iMatchclient_9.2.0.1

oracleoracle9iMatchclient_9.2.0.2

oracleoracle9iMatchdeveloper_9.0.4

oracleoracle9iMatchenterprise_9.0.1

oracleoracle9iMatchenterprise_9.0.1.4

oracleoracle9iMatchenterprise_9.0.1.5

oracleoracle9iMatchenterprise_9.0.1.5_fips

oracleoracle9iMatchenterprise_9.0.4

oracleoracle9iMatchenterprise_9.2.0

oracleoracle9iMatchenterprise_9.2.0.1

oracleoracle9iMatchenterprise_9.2.0.2

oracleoracle9iMatchenterprise_9.2.0.3

oracleoracle9iMatchenterprise_9.2.0.4

oracleoracle9iMatchenterprise_9.2.0.5

oracleoracle9iMatchenterprise_9.2.0.6

oracleoracle9iMatchpersonal_9.0.1

oracleoracle9iMatchpersonal_9.0.1.4

oracleoracle9iMatchpersonal_9.0.1.5

oracleoracle9iMatchpersonal_9.0.1.5_fips

oracleoracle9iMatchpersonal_9.0.4

oracleoracle9iMatchpersonal_9.2

oracleoracle9iMatchpersonal_9.2.0.1

oracleoracle9iMatchpersonal_9.2.0.2

oracleoracle9iMatchpersonal_9.2.0.3

oracleoracle9iMatchpersonal_9.2.0.4

oracleoracle9iMatchpersonal_9.2.0.5

oracleoracle9iMatchpersonal_9.2.0.6

oracleoracle9iMatchstandard_9.0

oracleoracle9iMatchstandard_9.0.1

oracleoracle9iMatchstandard_9.0.1.2

oracleoracle9iMatchstandard_9.0.1.3

oracleoracle9iMatchstandard_9.0.1.4

oracleoracle9iMatchstandard_9.0.1.5

oracleoracle9iMatchstandard_9.0.1.5_fips

oracleoracle9iMatchstandard_9.0.2

oracleoracle9iMatchstandard_9.0.4

oracleoracle9iMatchstandard_9.2

oracleoracle9iMatchstandard_9.2.0.1

oracleoracle9iMatchstandard_9.2.0.2

oracleoracle9iMatchstandard_9.2.0.3

oracleoracle9iMatchstandard_9.2.0.4

oracleoracle9iMatchstandard_9.2.0.5

oracleoracle9iMatchstandard_9.2.0.6

oracleoracle9iMatchstandard_9.2.3

CPENameOperatorVersion
oracle:application_serveroracle application servereq9.0.2
oracle:application_serveroracle application servereq9.0.2.0.0
oracle:application_serveroracle application servereq9.0.2.0.1
oracle:application_serveroracle application servereq9.0.2.1
oracle:application_serveroracle application servereq9.0.2.2
oracle:application_serveroracle application servereq9.0.2.3
oracle:application_serveroracle application servereq9.0.3
oracle:application_serveroracle application servereq9.0.3.1
oracle:application_serveroracle application servereq9.2.0.6
oracle:oracle9ioracle oracle9ieqclient_9.2.0.1

CPE	Name	Operator	Version
oracle:application_server	oracle application server	eq	9.0.2
oracle:application_server	oracle application server	eq	9.0.2.0.0
oracle:application_server	oracle application server	eq	9.0.2.0.1
oracle:application_server	oracle application server	eq	9.0.2.1
oracle:application_server	oracle application server	eq	9.0.2.2
oracle:application_server	oracle application server	eq	9.0.2.3
oracle:application_server	oracle application server	eq	9.0.3
oracle:application_server	oracle application server	eq	9.0.3.1
oracle:application_server	oracle application server	eq	9.2.0.6
oracle:oracle9i	oracle oracle9i	eq	client_9.2.0.1

Rows per page:

1-10 of 531

References

archives.neohapsis.com/archives/fulldisclosure/2005-10/0177.html

marc.info/?l=bugtraq&m=112870541502542&w=2

secunia.com/advisories/15991/

securityreason.com/securityalert/66

www.oracle.com/technology/deploy/security/pdf/cpujul2005.html

www.osvdb.org/20054

www.red-database-security.com/advisory/oracle_xmldb_css.html

www.securityfocus.com/bid/15034

exchange.xforce.ibmcloud.com/vulnerabilities/22541

7.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.068 Low

EPSS

Percentile

93.9%

JSON

Related for CVE-2005-3204

cvelist1 nvd1 nessus2