Zero-friction vulnerability management platform

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CVE-2007-0275

CVE information

Published

15 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

Low

Impact Analysis

Description

Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to inject arbitrary HTML or web script via the genuser parameter to rwcgi60, aka OWF01..

CVSSv2.0 Score

Severity
Low
Base Score
3.5/10
Exploit Score
6.8/10
Access Vector
Network
Access Complexity
Medium
Authentication Required
Single
Impact Score
2.9/10
Confidentiality Impact
None
Availability Impact
None
Integrity Impact
Partial

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:a:oracle:application_server:10.1.2.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:database_server:9.2.0.8:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:database_server:10.2.0.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:e-business_suite:11.5.10.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:collaboration_suite:10.1.2:*:*:*:*:*:*:*
  Yes
- -
cpe:2.3:a:oracle:database_server:10.1.0.5:*:*:*:*:*:*:*
  Yes
- -