This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.
The remote web server contains a PHP script that has a cross-site
The version of Oracle Secure Backup Administration server running on
the remote host has a cross-site scripting vulnerability. Input to
the 'mode' parameter of login.php is not properly sanitized.
A remote attacker could exploit this by tricking a user into
requesting a maliciously crafted URL, resulting in arbitrary script
See also :
Apply the patch referenced in Oracle's advisory.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false