CVE-2007-1506
Oracle Application Server Portal - Cross-Site Scripting via p_oldurl and p_newurl Parameters
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-1506. PoCs published by d3nx.
AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in Oracle Portal by injecting malicious JavaScript into the 'p_oldurl' and 'p_newurl' parameters of the 'render_warning_screen' endpoint. The payload triggers arbitrary script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
Exploits (1)
The exploit demonstrates a cross-site scripting (XSS) vulnerability in Oracle Portal by injecting malicious JavaScript into the 'p_oldurl' and 'p_newurl' parameters of the 'render_warning_screen' endpoint. The payload triggers arbitrary script execution in the context of the affected site.