Oracle WebCenter Content idc/idcplg Multiple Parameter XSS

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote web server contains a script that is prone to a reflected
cross-site scripting attack.

Description :

Oracle WebCenter Content script '/idc/idcplg' contains several
parameters that are incorrectly filtered, including 'sltPageTitle' and
'redirectPageTitle'. This makes the WebCenter Content install
susceptible to a reflected cross-site scripting attack.

By tricking someone into clicking on a specially crafted link, an
attacker may be able exploit this to inject arbitrary HTML and script
code in a user's browser to be executed within the security context of
the affected site.

See also :

Solution :

See the Oracle advisory for information on obtaining and applying bug
fix patches.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: CGI abuses : XSS

Nessus Plugin ID: 57981 ()

Bugtraq ID: 51454

CVE ID: CVE-2012-0084