CVE-2002-2347

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*

History

20 Nov 2024, 23:43

Type Values Removed Values Added
References () http://otn.oracle.com/deploy/security/pdf/2002alert41rev1.pdf - () http://otn.oracle.com/deploy/security/pdf/2002alert41rev1.pdf -
References () http://www.iss.net/security_center/static/9842.php - () http://www.iss.net/security_center/static/9842.php -
References () http://www.securityfocus.com/bid/5452 - () http://www.securityfocus.com/bid/5452 -

Information

Published : 2002-12-31 05:00

Updated : 2024-11-20 23:43


NVD link : CVE-2002-2347

Mitre link : CVE-2002-2347

CVE.ORG link : CVE-2002-2347


JSON object : View

Products Affected

oracle

  • application_server
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')