| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20061023163446.18629.qmail@securityfocus.com> Date: 23 Oct 2006 16:34:46 -0000 From: ak@...-database-security.com To: bugtraq@...urityfocus.com Subject: Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP Name Cross-Site-Scripting Vulnerability in Oracle APEX WWV_FLOW_ITEM_HELP Systems Affected Oracle APEX/HTMLDB Severity Medium Risk Category Cross Site Scripting (XSS/CSS) Vendor URL http://www.oracle.com/ Author Alexander Kornbrust (ak at red-database-security.com) Date 18 October 2006 (V 1.00) Advisory http://www.red-database-security.com/advisory/oracle_apex_css_wwv_flow_item_help.html Details ####### The package WWV_FLOW_ITEM_HELP contains a cross site scripting vulnerability. Affected Products ################# Oracle APEX/HTMLDB < 2.2.1 Patch Information ################# This bug is fixed with the patch 2.2.1 of APEX which is not part of the Critical Patch Update October 2006. It's necessary to upgrade your APEX/HTMLDB installation to 2.2.1. Patches are currently not available for Oracle Application Express. History ####### 03-oct-2005 Oracle secalert was informed 04-oct-2005 Bug confirmed 17-oct-2006 Oracle published CPU October 2006 18-oct-2006 Red-Database-Security published this advisory Additional Information ###################### An analysis of the Oracle CPU Oct 2006 is available here http://www.red-database-security.com/advisory/oracle_cpu_oct_2006.html
Powered by blists - more mailing lists