WP Config File Editor <= 1.7.1 - Authenticated Stored Cross-Site Scripting (XSS)

The WP Config File Editor WordPress plugin was affected by an Authenticated Stored Cross-Site Scripting XSS vulnerability. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesse...

Cross site scripting

The AjaxView::DisplayResponse function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting XSS. User input from the name parameter is unsafely reflected in the server response. NOTE: this CVE is assigned by MITRE and isn't...

CVE-2018-16953

The AjaxView::DisplayResponse function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting XSS. User input from the name parameter is unsafely reflected in the server response. NOTE: this CVE is assigned by MITRE and isn't...

CVE-2018-16953

The CVE-2018-16953 entry affects Oracle WebCenter Interaction Portal 10.3.3. Specifically, the AjaxView::DisplayResponse() function in portalpages.dll reflects unsanitized user input from the name parameter in the server response, enabling reflected cross-site scripting (XSS). The vulnerability i...

Oracle WebCenter Interaction Cross-Site Scripting Vulnerability (CNVD-2018-19487)

Oracle WebCenter Interaction is Oracle's suite for creating enterprise portals, collaborative communities, portfolio applications, and social applications.Oracle WebCenter Interaction Portal is one of the management interfaces. A cross-site scripting vulnerability exists in the...