Oracle 9iAS is bundled with a number of sample JSP scripts that are prone to cross-site scripting attacks. This is due to insufficient sanitization of HTML tags from data submitted via text fields in forms used by the vulnerable scripts. This data may also be submitted via parameters in a CGI query string. 'hellouser.jsp', 'welcomeuser.jsp' and 'usebean.jsp' are all affected by this issue. This could potentially be exploited to cause script code to be executed in the browser of a legitimate user of Oracle 9iAS and may lead to disclosure of the user's JSESSIONID credential.
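A detection sketch for the query-string vector described above, added here as an example and not taken from Oracle or the original advisory: it flags access-log requests to the three named sample scripts whose parameter values contain HTML tag characters. The log format (common log format), the `/EXAMPLE/` path prefix and the parameter names are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Sample scripts named in the advisory.
SAMPLE_JSPS = ("hellouser.jsp", "welcomeuser.jsp", "usebean.jsp")
# Tag delimiters: their presence in a value means the request carries markup.
MARKUP = re.compile(r"[<>]")
# Request line of a common-log-format entry: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_line(line):
    """Return (script, parameter, decoded value) findings for one log line."""
    match = REQUEST.search(line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    script = target.path.rsplit("/", 1)[-1].lower()
    if script not in SAMPLE_JSPS:
        return []
    findings = []
    # parse_qsl decodes once; decode_fully catches double-encoded values.
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        decoded = decode_fully(value)
        if MARKUP.search(decoded):
            findings.append((script, name, decoded))
    return findings

def scan(lines):
    """Collect findings across all log lines."""
    return [finding for line in lines for finding in flag_line(line)]

# Constructed log lines; paths and parameter names are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /EXAMPLE/hellouser.jsp?newName=alice HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2002:10:00:05 +0000] "GET /EXAMPLE/welcomeuser.jsp?user=%3Cb%3Etest%3C%2Fb%3E HTTP/1.0" 200 530',
    '192.0.2.12 - - [01/Jan/2002:10:00:09 +0000] "GET /EXAMPLE/usebean.jsp?name=%253Ci%253Ex HTTP/1.0" 200 498',
    '192.0.2.13 - - [01/Jan/2002:10:00:12 +0000] "GET /index.html?q=%3Cb%3E HTTP/1.0" 200 1024',
]

if __name__ == "__main__":
    for script, name, value in scan(SAMPLE_LOG):
        print(f"{script}: parameter {name!r} carries markup: {value!r}")
```

Values submitted through the form text fields in a POST body do not appear in the request line, so this check covers only the query-string vector. Any hit against these scripts on a production host also shows that the bundled samples are still deployed.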