vulnerability

Oracle E-Business Suite: CVE-2017-14735: Critical Patch Update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	2017-09-25	2022-06-20	2024-11-27

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

2017-09-25

Added

2022-06-20

Modified

2024-11-27

Description

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.

Solution(s)

oracle-ebs-12_2_10-apply-patch-32196163oracle-ebs-12_2_4-apply-patch-32488018oracle-ebs-12_2_5-apply-patch-32488041oracle-ebs-12_2_6-apply-patch-32488053oracle-ebs-12_2_7-apply-patch-32488192oracle-ebs-12_2_8-apply-patch-32840432oracle-ebs-12_2_9-apply-patch-32840432oracle-ebs-apr-2021-cpu-12_1oracle-ebs-apr-2021-cpu-12_2

References

CVE-2017-14735
https://attackerkb.com/topics/CVE-2017-14735
URL-https://support.oracle.com/epmos/faces/DocumentDisplay?id=2759182.1
URL-https://www.oracle.com/security-alerts/cpuapr2021.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today