CVE-2009-1968 - Cross-Site Scripting vulnerability in Oracle Database Server 10.1.8.3

047910
CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, oracle, nessus, exploit available

Summary

Unspecified vulnerability in the Secure Enterprise Search component in Oracle Database 10.1.8.3 allows remote attackers to affect integrity via unknown vectors. NOTE: the previous information was obtained from the July 2009 CPU. Oracle has not commented on claims from an established researcher that this is cross-site scripting (XSS) via the search_p_groups parameter in search/query/search.

Vulnerable Configurations

Part: Application
Description: Oracle
Count: 1

Exploit-Db

description: Oracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross Site Scripting Vulnerability. CVE-2009-1968. Remote exploits for multiple platforms
id: EDB-ID:33082
last seen: 2016-02-03
modified: 2009-06-14
published: 2009-06-14
reporter: Alexandr Polyakov
source: https://www.exploit-db.com/download/33082/
title: Oracle 10g Secure Enterprise Search 'search_p_groups' Parameter Cross-Site Scripting Vulnerability

Nessus

  • NASL family: CGI abuses : XSS
    NASL id: ORACLE_SES_SEARCH_P_GROUPS_XSS.NASL
    description: The version of Oracle Secure Enterprise Search installed on the remote host fails to sanitize input to the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 40550
    published: 2009-08-11
    reporter: This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/40550
    title: Oracle Database Secure Enterprise Search search/query/search search_p_groups Parameter XSS
  • NASL family: Databases
    NASL id: ORACLE_RDBMS_CPU_JUL_2009.NASL
    description: The remote Oracle database server is missing the July 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components:
      - Advanced Replication
      - Auditing
      - Config Management
      - Core RDBMS
      - Listener
      - Network Foundation
      - Secure Enterprise Search
      - Upgrade
      - Virtual Private Database
    last seen: 2020-06-02
    modified: 2011-11-16
    plugin id: 56065
    published: 2011-11-16
    reporter: This script is Copyright (C) 2011-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/56065
    title: Oracle Database Multiple Vulnerabilities (July 2009 CPU)

Packetstorm

data source: https://packetstormsecurity.com/files/download/79328/DSECRG-09-025.txt
id: PACKETSTORM:79328
last seen: 2016-12-05
published: 2009-07-17
reporter: Sh2kerr
source: https://packetstormsecurity.com/files/79328/Oracle-Secure-Enterprise-Search-XSS.html
title: Oracle Secure Enterprise Search XSS