
Oracle Application Express AnyChart Flash-Based Cross Site Scripting

Posted on 03 January 2019

Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method.
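A defender can use the two facts in the advisory (the fixed version and the affected parameter) to triage an installation. The following is an added example, not code from the advisory or from Oracle: it checks a version string against 5.1.4.00.08 and scans web access logs for requests to OracleAnyChart.swf whose "__externalobjid" value is not a plain identifier. The log format, the identifier allowlist, the `/PLACEHOLDER/` path and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

FIXED_VERSION = (5, 1, 4, 0, 8)  # 5.1.4.00.08, the fixed release named in the advisory
# Assumption: a legitimate object id is a plain identifier.
SAFE_ID = re.compile(r"[A-Za-z0-9_]+")
# Assumption: combined-log-style request field, "METHOD URL PROTOCOL".
REQUEST = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')


def is_affected(version: str) -> bool:
    """True when an APEX version string is older than the fixed release."""
    return tuple(int(part) for part in version.split(".")) < FIXED_VERSION


def suspicious_requests(lines):
    """Yield (line_no, decoded_value) for AnyChart requests whose
    __externalobjid contains anything other than identifier characters."""
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/oracleanychart.swf"):
            continue
        # parse_qsl percent-decodes, so encoded characters are checked too.
        for key, value in parse_qsl(url.query):
            if key == "__externalobjid" and not SAFE_ID.fullmatch(value):
                yield line_no, value


# Constructed sample log lines; the path prefix is a placeholder.
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Jan/2019:10:00:01 +0000] '
    '"GET /PLACEHOLDER/OracleAnyChart.swf?__externalobjid=chart_12 HTTP/1.1" 200 512',
    '198.51.100.9 - - [03/Jan/2019:10:00:05 +0000] '
    '"GET /PLACEHOLDER/OracleAnyChart.swf?__externalobjid=obj%28%29 HTTP/1.1" 200 512',
    '198.51.100.9 - - [03/Jan/2019:10:00:09 +0000] '
    '"GET /PLACEHOLDER/other.swf?__externalobjid=obj%28%29 HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for version in ("5.1.3.00.05", "5.1.4.00.08"):
        print(version, "affected" if is_affected(version) else "not affected")
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: unexpected __externalobjid value {value!r}")
```

A hit only shows that a non-identifier value was sent to the file; whether it had any effect depends on the installed version.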

 
