EIP-2026-102529

PRE-CVE

ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102529. PoCs published by Markot.

AI-analyzed exploit summary This is a functional proof-of-concept for a reflected XSS vulnerability in Oracle Business Process Management Process Administrator. The exploit demonstrates arbitrary JavaScript execution via crafted URLs targeting the 'context' parameter in the 'tips.jsp' page.

Description

ORACLE Business Process Management (Process Administrator) 5.7-6.0-10.3 - Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Markot · textwebappsjsp

https://www.exploit-db.com/exploits/14369

View Code ZIP pw:eip

This is a functional proof-of-concept for a reflected XSS vulnerability in Oracle Business Process Management Process Administrator. The exploit demonstrates arbitrary JavaScript execution via crafted URLs targeting the 'context' parameter in the 'tips.jsp' page.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Oracle Business Process Management Process Administrator 5.7-6.0-10.3

No auth needed

Prerequisites: Access to the vulnerable web interface

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026