Oracle Siebel 7.x CRM Cross Site Scripting Vulnerability

Board: Bugtraq | Posted: 2010/03/02 06:32
=======================================================
Yaniv Miron aka "Lament" Advisory Feb 27, 2010
Oracle Siebel 7.x CRM (7.7, 7.8 tested) Cross Site Scripting Vulnerability
=======================================================

=====================
I. BACKGROUND
=====================
Siebel Customer Relationship Management (CRM) Applications

The world's most complete customer relationship management (CRM) solution,
Oracle's Siebel CRM helps organizations differentiate their businesses to
achieve maximum top- and bottom-line growth. It delivers a combination of
transactional, analytical, and engagement features to manage all
customer-facing operations.

With solutions tailored to more than 20 industries, Siebel CRM delivers:
  Comprehensive on premise and on demand CRM solutions.
  Tailored industry solutions.
  Role-based customer intelligence and pre-built integration.

http://www.oracle.com/us/products/applications/siebel/index.htm

=====================
II. DESCRIPTION
=====================
A malicious attacker may inject scripts into the Oracle Siebel CRM
application.

=====================
III. ANALYSIS
=====================
Exploitation of this vulnerability results in the execution of arbitrary
code using a malicious link.

=====================
IV. EXPLOIT
=====================