CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1506

Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.114

EPSS Ranking 93.3%

CVSS Severity

CVSS v2 Score 4.3

References

Products affected by CVE-2007-1506

Oracle » Application Server Portal » Version: N/A

cpe:2.3:a:oracle:application_server_portal:-
Oracle » Application Server Portal » Version: 3.0.9.8.5

cpe:2.3:a:oracle:application_server_portal:3.0.9.8.5
Oracle » Application Server Portal » Version: 9.0.2

cpe:2.3:a:oracle:application_server_portal:9.0.2
Oracle » Application Server Portal » Version: 9.0.2.3

cpe:2.3:a:oracle:application_server_portal:9.0.2.3
Oracle » Application Server Portal » Version: 9.0.2.3a

cpe:2.3:a:oracle:application_server_portal:9.0.2.3a
Oracle » Application Server Portal » Version: 9.0.2.3b

cpe:2.3:a:oracle:application_server_portal:9.0.2.3b

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2007-1506

Products

Pricing

Contact Us