Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). The content of the in_hi_redirect parameter, when prefixed with the https:// scheme, is unsafely reflected in a HTML META tag in the HTTP response. NOTE: this CVE is assigned by MITRE and isn't validated by Oracle because Oracle WebCenter Interaction Portal is out of support.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Oracle WebCenter Interaction 跨站脚本漏洞
Vulnerability Description
Oracle WebCenter Interaction是美国甲骨文(Oracle)公司的一套用于创建企业门户、协作社区、组合应用程序和社交应用程序的套件。Oracle WebCenter Interaction Portal是其中的一个管理界面。 Oracle WebCenter Interaction Portal 10.3.3版本中的登录功能存在跨站脚本漏洞。远程攻击者可借助https://(URL Scheme)及‘in_hi_redirect’参数利用该漏洞在用户浏览器中执行任意脚本代码。
CVSS Information
N/A
Vulnerability Type
N/A