CVE-2006-6703

Published: Dec 23, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.

Affected (2)

Products: Oracle: Oracle10g, Oracle9i

Oracle

2 products

Oracle10g

Oracle9i

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Oracle10g	All versions
Oracle Oracle9i	All versions

References (6)

http://www.securityfocus.com/archive/1/455143/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/21717

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/5143

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/455143/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/21717

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/5143

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.