Oracle.Secure.Enterprise.Search.XSS
Description
Oracle Secure Enterprise Search has a cross site scripting vulnerability. A remote attacker could inject arbitrary HTML or web scripts via the EXPTYPE parameter, aka SES01.
Affected Products
Oracle Enterprise Search version 10.1.8 and prior.
Impact
System compromise.
Recommended Actions
Apply patch, available from the Web site.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2020-12-11 | 16.978 |