Oracle 9iAS iSQLplus XSS

This script is Copyright (C) 2004-2014 Frank Berger


Synopsis :

The login page of Oracle9i iSQLplus allows the injection of HTML and
JavaScript code via the username and password parameters.

Description :

The remote host is running a version of the Oracle9i 'isqlplus' CGI
that is vulnerable to a cross-site scripting attack.

An attacker may exploit this flaw to steal the cookies of legitimate
users on the remote host.

See also :

http://www.securitytracker.com/alerts/2004/Jan/1008838.html

Solution :

No solution is known.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: CGI abuses : XSS

Nessus Plugin ID: 12112

Bugtraq ID:

CVE ID: