Intrusion Prevention

Oracle.Secure.Enterprise.Search.XSS

Description

Oracle Secure Enterprise Search has a cross-site scripting (XSS) vulnerability. A remote attacker could inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.

Affected Products

Oracle Enterprise Search version 10.1.8 and prior.

Impact

System compromise.

Recommended Actions

Apply the patch, available from the Oracle web site:
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html

CVE References

CVE-2007-2119

Other References

oracle_cpu_apr_2007