This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.
The remote web server uses a script that is affected by a cross-site
The version of Oracle Secure Enterprise Search installed on the remote
host fails to sanitize input to the 'search_p_groups' parameter of the
'search/query/search' script before using it to generate dynamic HTML
output. An attacker may be able to leverage this to inject arbitrary
HTML and script code into a user's browser to be executed within the
security context of the affected site.
See also :
Upgrade to Secure Enterprise Search version 10.1.8.3 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true