CVE-2002-1640
Published Apr 1, 2002
Last updated 6 years ago
Overview
- Description
- Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7DB49A7C-58C0-43DE-86A6-28FB54E49D6F",
"versionEndIncluding": "11.5.6.16.52",
"versionStartIncluding": "11.5.6.0.0"
},
{
"criteria": "cpe:2.3:a:oracle:configurator:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DDE2F798-C8C9-4013-A658-6FCE74B12434",
"versionEndIncluding": "11.5.7.17.31",
"versionStartIncluding": "11.5.7.0.0"
},
{
"criteria": "cpe:2.3:a:oracle:configurator:11i:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E3B24CB-5198-4172-AF66-8B210BB14FDA"
}
],
"operator": "OR"
}
]
}
]