Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:ORACLE:CVE-2014-0379-XSS |
|---|---|
Severity |
Major |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Oracle Demantra Stored Cross Site Scripting |
Release Date |
2017/06/20 |
Update Number |
2928 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Oracle Demantra Stored Cross Site Scripting
Oracle Demantra Demand Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the url parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site.
Extended Description
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others.
Affected Products
- Oracle supply_chain_products_suite 7.2.0.3
- Oracle supply_chain_products_suite_sql-server 12.2.0
- Oracle supply_chain_products_suite_sql-server 12.2.1
- Oracle supply_chain_products_suite_sql-server 12.2.2
- Oracle supply_chain_products_suite_sql-server 7.3.0
- Oracle supply_chain_products_suite_sql-server 7.3.1
References
- CVE: CVE-2014-0379