Back to all zero days
Stored Cross-Site Scripting in Oracle
Jan 11, 2020
Proof of concept: (POC)
The following vulnerability was tested on Oracle Web content Management version 22.214.171.124.0.
Figure01: Help docs page in the Oracle Web content.
Figure 02: Navigate to any of the help topics shown above.
Figure 03: Inserting a simple payload & reflects in the response body without sanitization.
Figure 04: While triggering the print page event, the payload gets stored and assigned with the path URL. Whenever the user clicks the print page, the payload will be executed in the user browser.
Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data.
Download and apply the relevant patches from the vendor:
Jan 11, 2020: Reported to Vendor
Jan 12, 2020: Vendor Responded
Jun 19, 2020: CVE Assigned
Jul 14, 2020: Vendor Released Fixed
Cyber Security Research (CSW) Lab.
- Affected VendorOracle
- Bug NameStored Cross-Site Scripting
- CVE NumberCVE-2020-14723
- CWE IDCWE - 79
- CSW ID2020-CSW-01-1037
- CVSSv3 Score8.2
- Affected Version126.96.36.199.0
- Affected ProductOracle Help Technologies-UIX, Oracle Application Development Framework (ADF), Oracle's Browser Look and Feel Plus (BLAF+), Oracle fusion middleware.