Vulnerabilities > Oracle > Html DB > 1.3.6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-14 | CVE-2005-3203 | Unspecified vulnerability in Oracle Html DB 1.3/1.3.6 The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges. | 4.6 |
| 2005-10-14 | CVE-2005-3202 | Cross-Site Scripting vulnerability in Oracle HTML DB 1.3/1.3.6 Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters. network oracle | 6.8 |