Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oracle | 10G Reports Server | 9.0.4.3.3 |
References
- http://marc.info/?l=bugtraq&m=111168323804203&w=2
- http://secunia.com/advisories/17250
- http://www.kb.cert.org/vuls/id/210524US Government Resource
- http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html
- http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_map
- http://www.securityfocus.com/bid/12892Exploit
- http://www.securityfocus.com/bid/15134
- http://www.us-cert.gov/cas/techalerts/TA05-292A.htmlUS Government Resource
- http://marc.info/?l=bugtraq&m=111168323804203&w=2
- http://secunia.com/advisories/17250
- http://www.kb.cert.org/vuls/id/210524US Government Resource
- http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html
- http://www.oracle.com/technology/deploy/security/pdf/public_vuln_to_advisory_map
- http://www.securityfocus.com/bid/12892Exploit
- http://www.securityfocus.com/bid/15134
FAQ
What is CVE-2005-0873?
CVE-2005-0873 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) reppro...
How severe is CVE-2005-0873?
CVE-2005-0873 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0873?
Check the references section above for vendor advisories and patch information. Affected products include: Oracle 10G Reports Server.