cve/CVE-2016-3438.md at 7909e50b64548be2689e5ad0bc37714dc0608a96

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00

0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024

2024-05-26 14:27:05 +02:00

Description

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspecified parameters in an unknown JSP file.

POC

Reference

http://packetstormsecurity.com/files/138564/Oracle-E-Business-Suite-12.2-Cross-Site-Scripting.html
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html

Github

No PoCs found on GitHub currently.

1.1 KiB Raw Blame History

CVE-2016-3438

Description

POC

Reference

Github

1.1 KiB

Raw Blame History