2 matches found
TeamSHATTER Security Advisory: Oracle EM Cross Site Scripting in XDBResource cancelURL parameter (CVE-2013-0352)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TeamSHATTER Security Advisory Oracle Enterprise Manager Cross Site Scripting in XDBResource cancelURL parameter February 20, 2013 Risk Level: High Affected versions: Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7,...
CVE-2013-0352
Oracle CVE-2013-0352 describes a Cross‑Site Scripting vulnerability in Oracle Enterprise Manager components, specifically the EM Database Control/XML Database Resources page via the cancelURL parameter. An attacker could remotely exploit this to steal session cookies and impersonate a legitimate ...