|
Family: Databases --> Category: infos
Oracle 9iAS iSQLplus XSS Vulnerability Scan
Vulnerability Scan Summary Test for the possibility of an Cross-Site-Scripting XSS Attack in Oracle9i iSQLplus
Detailed Explanation for this Vulnerability Test
Synopsis :
The login-page of Oracle9i iSQLplus allows the injection of HTML and Javascript
code via the username and password parameters.
Description :
The remote host is running a version of the Oracle9i 'isqlplus' CGI which
is vulnerable to a cross site scripting issue.
A possible hacker may exploit this flaw to to steal the cookies of legitimate
users on the remote host.
See also :
http://www.securitytracker.com/alerts/2004/Jan/1008838.html
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:P/A:N/I:N/B:C)
Click HERE for more information and discussions on this network vulnerability scan.
|