OSVDB ID: 39923

Title: Oracle PeopleSoft PeopleTools Unspecified Stored XSS

Info

Disclosure
Apr 18, 2007

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 PeopleSoft PeopleTools contains a flaw that allows a stored remote cross site scripting attack. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity, Impact Unknown
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Authentication Required, Web Related

Solution

 Upgrade to PeopleTools 8.47.13 or higher for the 8.47 line, or 8.48.09 or higher for the 8.48 line, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Oracle Corporation

PeopleTools

 8.48 GA
8.47.04
8.48.01
8.47.05
8.48.02
8.47.06
8.48.03
8.47.07
8.48.04
8.47.08
8.48.05
8.47.09
8.48.06
8.47.10
8.47.11
8.47 GA
8.47.01
8.47.02
8.47.03
8.47.12
8.48.07
8.48.08

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/39923