This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote host is affected by an unspecified cross-site scripting
The remote Oracle Application server is affected by an unspecified
cross-site scripting vulnerability. Specifically, installs that do not
set the 'HttpOnly' flag in session cookies are vulnerable.
See also :
See Oracle's Doc ID 1586861.1 for configuration change instructions
that mitigate this vulnerability by setting the 'HttpOnly' flag in
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false
Family: CGI abuses : XSS
Nessus Plugin ID: 71899 ()
Bugtraq ID: 63066
CVE ID: CVE-2013-5773
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.