CVE-2007-0275

2007-01-1702:28:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-0275

cross-site scripting

xss

oracle reports

rwcgi60

workflow cartridge

oracle database

application server

collaboration suite

oracle e-business suite

nvd

4.9 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

35.9%

JSON

Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.

CPENameOperatorVersion
oracle:application_serveroracle application servereq10.1.2.2
oracle:application_serveroracle application servereq10.1.2.0.2
oracle:database_serveroracle database servereq9.2.0.8
oracle:database_serveroracle database servereq10.2.0.3
oracle:e-business_suiteoracle e-business suiteeq11.5.10.2
oracle:application_serveroracle application servereq9.0.4.3
oracle:collaboration_suiteoracle collaboration suiteeq10.1.2
oracle:database_serveroracle database servereq10.1.0.5

CPE	Name	Operator	Version
oracle:application_server	oracle application server	eq	10.1.2.2
oracle:application_server	oracle application server	eq	10.1.2.0.2
oracle:database_server	oracle database server	eq	9.2.0.8
oracle:database_server	oracle database server	eq	10.2.0.3
oracle:e-business_suite	oracle e-business suite	eq	11.5.10.2
oracle:application_server	oracle application server	eq	9.0.4.3
oracle:collaboration_suite	oracle collaboration suite	eq	10.1.2
oracle:database_server	oracle database server	eq	10.1.0.5