HTTP: Oracle Demantra Stored Cross Site Scripting
Oracle Demantra Demand Management is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the url parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site.
Extended Description
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others.
Affected Products
Oracle supply_chain_products_suite_sql-server
References
CVE: CVE-2014-0379
Short Name
HTTP:ORACLE:CVE-2014-0379-XSS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2014-0379 Cross Demantra Oracle Scripting Site Stored
Release Date
06/20/2017
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Oracle
CVSS Score
4.3