2 matches found
CVE-2005-4549
CVE-2005-4549 describes a cross-site scripting (XSS) vulnerability in the Oracle Application Server (OracleAS) Discussion Forum Portlet. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the RowKeyValue parameter in the PORTAL schema and the title and content fi...
CVE-2005-4550
CVE-2005-4550 affects the PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet. The vulnerability allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter that can contain a trailing null byte (%00). This is caused ...