CVE-2005-4549 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2005-4549

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article.

Affected Software

Name	Vendor	Start Version	End Version
Application_server_discussion_forum_portlet	Oracle	*	*

References

http://www.securityfocus.com/bid/16048
http://securitytracker.com/id?1015405
http://securityreason.com/securityalert/298
http://www.vupen.com/english/advisories/2005/3085
http://marc.info/?l=full-disclosure\u0026m=113532626203708\u0026w=2