CVE-2007-0275

Oracle Application Server - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01.

References (8)

[Patch, Vendor Advisory] http://secunia.com/advisories/23794

[Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA07-017A.html

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/31541

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/457193/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/22083

[Third Party Advisory, VDB Entry] http://osvdb.org/32906

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017522

Scores

EPSS 0.0078

EPSS Percentile 73.5%

Classification

CWE

CWE-79

Status draft

Affected Products (8)

oracle/application_server

oracle/application_server

oracle/application_server

oracle/collaboration_suite

oracle/database_server

oracle/database_server

oracle/database_server

oracle/e-business_suite

Timeline

Published Jan 17, 2007

Tracked Since Feb 18, 2026