The XML DB component in Oracle Database Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the 'oradb' servlet. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Classification
Location:
Remote/Network Access Required
Attack Type:
Input Manipulation
Impact:
Loss of Integrity
Exploit:
Exploit Available
Disclosure:
OSVDB Verified,
Vendor Verified
OSVDB:
Web Related
Solution
Currently, there are no known workarounds or upgrades to correct this issue. However, Oracle has released a patch to address this vulnerability.
red-database-security.com - Red Database Security GmbH