Vulnerabilities > CVE-2005-4549 - Remote vulnerability in Oracle Application Server Discussion Forum Portlet

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

oracle

NVD

Published: 2005-12-28

Updated: 2016-10-18

Summary

Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article.

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Application Server Discussion Forum Portlet *	1

References

http://marc.info/?l=full-disclosure&m=113532626203708&w=2
http://securityreason.com/securityalert/298
http://securitytracker.com/id?1015405
http://www.securityfocus.com/bid/16048
http://www.vupen.com/english/advisories/2005/3085