Here is a cross site scripting vulnerability in Oracle’s Rapid Install Web server application that Secunia rates as a less critical and the National Vulnerability Database rates it as a Medium.
From Secunia:
Description:
A vulnerability has been reported in Oracle Rapid Install, which can be exploited by malicious people to conduct cross-site scripting attacks.Input passed via the URL to the Oracle Rapid Install server is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.
Examples:
http://[host]:8004/pls/MSBEP004/[code]
http://[host]:8004/pls/[code]Solution:
Filter malicious characters and character sequences in a web proxy.
Tags: Oracle Rapid Install Web Server, XSS, Oracle Vulnerability, Cross Site Scripting
