3 matches found
Endeca Latitude 2.2.2 Cross Site Scripting
Advisory: Endeca Latitude Cross-Site Scripting RedTeam Pentesting discovered a Cross-Site Scripting XSS vulnerability in Endeca Latitude. By exploiting this vulnerability an attacker is able to execute arbitrary JavaScript code in the context of other Endeca Latitude users. Details ======= Produc...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery Formerly Latitude, a different vulnerability than CVE-2014-2400...
CVE-2014-2400
CVE-2014-2400 is a Cross‑Site Scripting vulnerability in Endeca Latitude 2.2.2 (Endeca Latitude / Oracle Fusion Middleware context). The advisories describe input handling flaws where invalid URL parameters (config/admin) are reflected without proper escaping, enabling arbitrary JavaScript execut...