Oracle WebCenter Content Help Component XSS

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains several scripts that are susceptible
to reflected cross-site scripting attack.

Description :

Oracle WebCenter Content is susceptible to multiple reflected cross-
site scripting attacks in the help component including 'frameset.htm',
'api.htm', 'switch.js', and 'wwhsec.htm'.

By tricking someone into clicking on a specially crafted link, an
attacker may be able exploit this to inject arbitrary HTML and script
code in a user's browser to be executed within the security context of
the affected site.

See also :

Solution :

See the Oracle advisory for information on obtaining and applying bug
fix patches.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: CGI abuses : XSS

Nessus Plugin ID: 57979 ()

Bugtraq ID: 51457

CVE ID: CVE-2012-0085