This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.
The remote host is affected by an unspecified cross-site scripting
The remote Oracle Application server is affected by an unspecified
cross-site scripting vulnerability. Specifically, installations that
do not set the 'HttpOnly' flag in session cookies are vulnerable.
See also :
See Oracle's Doc ID 1586861.1 for configuration change instructions
that mitigate this vulnerability by setting the 'HttpOnly' flag in
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false