This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote web server contains a script that is prone to a reflected
cross-site scripting attack.
Oracle WebCenter Content script '/idc/idcplg' contains several
parameters that are incorrectly filtered, including 'sltPageTitle' and
'redirectPageTitle'. This makes the WebCenter Content install
susceptible to a reflected cross-site scripting attack.
By tricking someone into clicking on a specially crafted link, an
attacker may be able exploit this to inject arbitrary HTML and script
code in a user's browser to be executed within the security context of
the affected site.
See also :
See the Oracle advisory for information on obtaining and applying bug
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false