Oracle Business Process Management 10.3.2 – Cross-Site Scripting

Exploit Database
18 阅读

作者： Markot

日期： 2010-07-13
类别：
- remote
平台：
- multiple
来源：https://www.exploit-db.com/exploits/34310/

source: https://www.securityfocus.com/bid/41617/info

Oracle Business Process Management is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

This vulnerability affects the following supported versions:
5.7 MP3, 6.0 MP5, 10.3 MP2

http://www.example.com:8585/webconsole/faces/faces/faces/jsf/tips.jsp?context=<script>alert(document.cookie)</script>
http://www.example.com:8585/webconsole/faces/faces/faces/jsf/tips.jsp?context=<script>alert('CorelanTeam')</script>

last Exploits
Oracle Business Process Management 10.3.2 – Cross-Site Scripting的更多信息

Samba 3.0.10 (OSX) – ‘lsa_io_trans_names’ Heap Overflow (Metasploit)：
Glossword 1.8.8 < 1.8.12 - Arbitrary File Upload (Metasploit)：
VMTurbo Operations Manager 4.6 – ‘vmtadmin.cgi’ Remote Command Execution (Metasploit)：
GoAutoDial CE 3.3 – Authentication Bypass / Command Injection (Metasploit)：
SlimFTPd – ‘LIST’ Concatenation Overflow (Metasploit)：
Borland CaliberRM – StarTeam Multicast Service Buffer Overflow (Metasploit)：
Microsoft Internet Explorer 11 (Windows 7 x86) – ‘mshtml.dll’ Remote Code Execution (MS17-007)：
SKILLS.com.au Industry App – Man In The Middle Remote Code Execution：