Description
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
Exploits (1)
References (8)
Core 8
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/12892
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111168323804203&w=2
US Government Resource third-party-advisory
x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA05-292A.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15134
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/210524
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_mapping.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17250
Scores
EPSS
0.6738
EPSS Percentile
98.6%
Details
Status
published
Products (1)
oracle/10g_reports_server
9.0.4.3.3
Published
May 02, 2005
Tracked Since
Feb 18, 2026