Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2002-1640

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.

Published

2002-04-01T05:00:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	oracle	configurator	≤ 11.5.6.16.52	Yes
Application	oracle	configurator	≤ 11.5.7.17.31	Yes
Application	oracle	configurator	11i	Yes

References

http://securitytracker.com/id?1003967 Exploit, Patch, Third Party Advisory, VDB Entry ([email protected])
http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html Patch ([email protected])
http://www.securityfocus.com/bid/4430 Third Party Advisory, VDB Entry, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/4436 Third Party Advisory, VDB Entry, Vendor Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/8780 VDB Entry ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/8781 VDB Entry ([email protected])
http://securitytracker.com/id?1003967 Exploit, Patch, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technology//deploy/security/htdocs/oconfigvul.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/4430 Third Party Advisory, VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/4436 Third Party Advisory, VDB Entry, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8780 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/8781 VDB Entry (af854a3a-2127-422b-91ae-364da2661108)