Vulnerabilities > CVE-2006-7158 - Cross-Site Scripting vulnerability in Oracle Apex 2.0/2.1/2.2
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE network
oracle
Summary
Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351. This vulnerability is addressed in the following product update: http://www.oracle.com/technology/products/database/application_express/download.html
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |