Oracle 9iAS iSQLplus XSS

This script is Copyright (C) 2004-2015 Frank Berger

Synopsis :

The login page of Oracle9i iSQLplus allows the injection of HTML and
JavaScript code via the username and password parameters.

Description :

The remote host is running a version of the Oracle9i 'isqlplus' CGI
that is vulnerable to a cross-site scripting attack.

An attacker may exploit this flaw to steal the cookies of legitimate
users on the remote host.

Solution :

No solution is known.

Risk factor :

Medium / CVSS Base Score : 4.3

Family: CGI abuses : XSS

Nessus Plugin ID: 12112