This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote host has software installed that is affected by multiple
The remote Oracle WebCenter Sites install is missing patches from the
October 2012 CPU. As a result, it may be affected by multiple
- A cross-site request forgery vulnerability exists that
can be triggered by tricking a victim into clicking an
image link on a specially crafted page. (CVE-2012-3185)
- A flaw in the UI Subcomponent could allow an
authenticated user to alter the email address
information of other users. (CVE-2012-3183)
- The UI Subcomponent is affected by a cross-site
scripting vulnerability due to lack of sanitization for
the 'username' and 'StartItem' parameters.
- The 'selectedLocale' parameter in the UI Subcomponent is
not properly sanitized and allows SQL injection.
- The Oracle WebCenter Sites ImagePicker Subcomponent is
affected by an unspecified local vulnerability.
See also :
Apply the appropriate patch according to the October 2012 Oracle
Critical Patch Update advisory.
Risk factor :
Medium / CVSS Base Score : 5.5
CVSS Temporal Score : 4.3
Public Exploit Available : true