CVE-2007-2119

Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the Administration Front End for Oracle Enterprise (Ultra) Search, as used in Database Server 9.2.0.8, 10.1.0.5, and 10.2.0.2, and in Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2.0 allows remote attackers to inject arbitrary HTML or web script via the EXPTYPE parameter, aka SES01.

Published: Apr 18, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-2119
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / database_server	10.2.0.2	10.2.0.2.x
oracle / application_server	10.1.2.2	10.1.2.2.x
oracle / application_server	10.1.2.0.2	10.1.2.0.2.x
oracle / database_server	9.2.0.8	9.2.0.8.x
oracle / application_server	9.0.4.3	9.0.4.3.x
oracle / database_server	10.1.0.5	10.1.0.5.x

http://www.oracle.com/technetwork/topics/security/cpuapr2007-090632.html
http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
http://www.red-database-security.com/advisory/oracle_css_ses.html
http://www.securityfocus.com/archive/1/466156/100/0/threaded
http://www.securityfocus.com/archive/1/466329/100/200/threaded
http://www.securityfocus.com/bid/23532
http://www.securitytracker.com/id?1017927
http://www.us-cert.gov/cas/techalerts/TA07-108A.html
http://www.vupen.com/english/advisories/2007/1426

Vulnerability Database

289,697

CVE-2007-2119