Oracle.Secure.Enterprise.Search.XSS

description-logoDescription

Oracle Secure Enterprise Search has a cross site scripting vulnerability. A remote attacker could inject arbitrary HTML or web scripts via the EXPTYPE parameter, aka SES01.

affected-products-logoAffected Products

Oracle Enterprise Search version 10.1.8 and prior.

Impact logoImpact

System compromise.

recomended-action-logoRecommended Actions

Apply patch, available from the Web site.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-12-11 16.978

References

oracle_cpu_apr_2007