5.7 Medium
AI Score
Confidence
High
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.056 Low
EPSS
Percentile
93.2%
Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.
www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
www.red-database-security.com/advisory/oracle_css_ses.html
www.securityfocus.com/archive/1/466156/100/0/threaded
www.securityfocus.com/archive/1/466329/100/200/threaded
www.securityfocus.com/bid/23532
www.securitytracker.com/id?1017927
www.us-cert.gov/cas/techalerts/TA07-108A.html
www.vupen.com/english/advisories/2007/1426