CVE-2005-4549: XSS
First published: Wed Dec 28 2005(Updated: )
Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle Application Server |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-4549?
CVE-2005-4549 is classified as a high-severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2005-4549?
To fix CVE-2005-4549, apply the latest updates or patches provided by Oracle for the Oracle Application Server.
What are the potential impacts of CVE-2005-4549?
The potential impacts of CVE-2005-4549 include unauthorized access to user sessions and execution of malicious scripts.
Which software is affected by CVE-2005-4549?
CVE-2005-4549 affects the Oracle Application Server Discussion Forum Portlet.
Can CVE-2005-4549 be exploited remotely?
Yes, CVE-2005-4549 can be exploited remotely by attackers through malicious web scripts.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/oracle
- canonical/oracle application server