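Vulnerability Details
Oracle 9iAS OJSP Demo Script Cross-Site Scripting (XSS) Vulnerability
- CNNVD ID: CNNVD-200212-409
- Severity: Medium
- CVE ID: CVE-2002-2347
- Vulnerability type: Cross-site scripting
- Published: 2002-12-31
- Threat type: Remote
- Updated: 2002-12-31
- Vendor: oracle
- Vulnerability source: Discovery of this …
Vulnerability Summary
The Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp, and (3) usebean.jsp in Oracle 9i Application Server versions 9.0.2, 1.0.2.2, 1.0.2.1s, and 1.0.2O contain a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML via the text entry field.
Vulnerability Advisory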
The vendor advises administrators to remove the OJSP demo scripts. This may be accomplished by removing the following JSP files:
/ora9ias/j2ee/OC4J_Demos/applications/ojspdemos/ojspdemos-web/basic/simple
/ora9ias/j2ee/OC4J_Demos/applications/ojspdemos/ojspdemos-web/basic/hellouser
This issue will reportedly be addressed in Oracle 9iAS version 9.0.3, which is expected to be released in the fall of 2002.
Reference URLs
Source: BID
Name: 5452
Link: http://www.securityfocus.com/bid/5452
Source: XF
Name: oracle-appserver-ojsp-xss(9842)
Link: http://www.iss.net/security_center/static/9842.php
Source: otn.oracle.com
Link: http://otn.oracle.com/deploy/security/pdf/2002alert41rev1.pdf