CVE-2005-1381

Oracle Application Server Web Cache 9i - Cross-Site Scripting via cache_dump_file or PartialPageErrorPage Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1381. PoCs published by Alexander Kornbrust.

AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in Oracle Application Server 9i Webcache administration console by injecting malicious JavaScript via the 'PartialPageErrorPage' parameter. The payload triggers an alert with the victim's cookies, confirming the vulnerability.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Alexander Kornbrust · textremotemultiple
https://www.exploit-db.com/exploits/25563

The exploit demonstrates a cross-site scripting (XSS) vulnerability in Oracle Application Server 9i Webcache administration console by injecting malicious JavaScript via the 'PartialPageErrorPage' parameter. The payload triggers an alert with the victim's cookies, confirming the vulnerability.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Oracle Application Server 9i Webcache
No auth needed
Prerequisites: Access to the Webcache administration console URL
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Alexander Kornbrust · textremotemultiple
https://www.exploit-db.com/exploits/25562

The exploit demonstrates a cross-site scripting (XSS) vulnerability in Oracle Application Server 9i Webcache administration console by injecting malicious JavaScript via the 'cache_dump_file' parameter. The payload triggers an alert with the victim's cookies, confirming the vulnerability.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Oracle Application Server 9i Webcache administration console
Auth required
Prerequisites: Access to the Webcache administration console · Valid credentials for authentication
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/20309
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111472423409560&w=2
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13421
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13422
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/15143
Vendor Advisory vdb-entry x_refsource_osvdb
http://www.osvdb.org/15910

Scores

EPSS 0.2019
EPSS Percentile 97.1%

Details

Status published
Products (1)
oracle/application_server_web_cache
Published May 03, 2005
Tracked Since Feb 18, 2026