Oracle WebCenter Content Help Component XSS

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server contains several scripts that are susceptible
to reflected cross-site scripting attack.

Description :

Oracle WebCenter Content is susceptible to multiple reflected cross-
site scripting attacks in the help component including 'frameset.htm',
'api.htm', 'switch.js', and 'wwhsec.htm'.

By tricking someone into clicking on a specially crafted link, an
attacker may be able exploit this to inject arbitrary HTML and script
code in a user's browser to be executed within the security context of
the affected site.

See also :

http://www.nessus.org/u?9f19d081
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html

Solution :

See the Oracle advisory for information on obtaining and applying bug
fix patches.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: CGI abuses : XSS

Nessus Plugin ID: 57979 ()

Bugtraq ID: 51457

CVE ID: CVE-2012-0085