vulnerability

Oracle E-Business Suite: CVE-2017-14735: Critical Patch Update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Sep 25, 2017	Jun 20, 2022	Oct 16, 2025

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Sep 25, 2017

Added

Jun 20, 2022

Modified

Oct 16, 2025

Description

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.

Solutions

oracle-ebs-12_2_10-apply-patch-32196163oracle-ebs-12_2_4-apply-patch-32488018oracle-ebs-12_2_5-apply-patch-32488041oracle-ebs-12_2_6-apply-patch-32488053oracle-ebs-12_2_7-apply-patch-32488192oracle-ebs-12_2_8-apply-patch-32840432oracle-ebs-12_2_9-apply-patch-32840432oracle-ebs-apr-2021-cpu-12_1oracle-ebs-apr-2021-cpu-12_2

References

CVE-2017-14735
https://attackerkb.com/topics/CVE-2017-14735
CWE-79
URL-https://support.oracle.com/epmos/faces/DocumentDisplay?id=2759182.1
URL-https://www.oracle.com/security-alerts/cpuapr2021.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today