CVE-2007-3553
Oracle Application Server - Cross-Site Scripting via Secondary Login Page
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3553. PoCs published by Kaushal Desai.
AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) vulnerability in Oracle Rapid Install Web Server by injecting a script tag into the URL path. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the victim's browser.
Description
Cross-site scripting (XSS) vulnerability in Rapid Install Web Server in Oracle Application Server 11i allows remote attackers to inject arbitrary web script or HTML via a URL to the "Secondary Login Page", as demonstrated using (1) pls/ and (2) pls/MSBEP004/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Exploits (1)
The exploit demonstrates a cross-site scripting (XSS) vulnerability in Oracle Rapid Install Web Server by injecting a script tag into the URL path. The vulnerability arises due to insufficient input sanitization, allowing arbitrary JavaScript execution in the context of the victim's browser.