CVE-2017-14735 in Hyperion Infrastructure Technologyinfo

Summary

OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as demonstrated by use of : to construct a javascript: URL.

Once again VulDB remains the best source for vulnerability data.

Reservation

09/25/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilityCWEExpCouCVE
179133Oracle Hyperion Infrastructure Technology AntiSamy cross site scripting79Not definedOfficial fixCVE-2017-14735
179053Oracle Enterprise Manager Base Platform AntiSamy cross site scripting79Not definedOfficial fixCVE-2017-14735
173461Oracle E-Business Suite Technology Stack Attachments/iRecruitment/Contracts (AntiSamy) cross site scripting79Not definedOfficial fixCVE-2017-14735
153559Oracle Knowledge Web Applications cross site scripting79Not definedOfficial fixCVE-2017-14735
148765Oracle Application Testing Suite Oracle Flow Builder cross site scripting79Not definedOfficial fixCVE-2017-14735
148764Oracle Application Testing Suite Load Testing for Web Apps cross site scripting79Not definedOfficial fixCVE-2017-14735
138040Oracle Insurance Calculation Engine AntiSamy cross site scripting79Not definedOfficial fixCVE-2017-14735
137976Oracle FLEXCUBE Core Banking OpenSSL cross site scripting79Not definedOfficial fixCVE-2017-14735
129702Oracle Agile PLM AntiSamy cross site scripting79Not definedOfficial fixCVE-2017-14735
129684Oracle Retail Returns Management AntiSamy cross site scripting79Not definedOfficial fixCVE-2017-14735
129682Oracle Retail Central Office AntiSamy cross site scripting79Not definedOfficial fixCVE-2017-14735
129681Oracle Retail Back Office AntiSamy cross site scripting79Not definedOfficial fixCVE-2017-14735
129613Oracle Insurance Policy Administration J2EE AntiSamy cross site scripting79Not definedOfficial fixCVE-2017-14735
129571Oracle WebCenter Sites Jython cross site scripting79Not definedOfficial fixCVE-2017-14735
129526Oracle Banking Platform Jasper Project cross site scripting79Not definedOfficial fixCVE-2017-14735
125478Oracle Fusion Middleware MapViewer Install cross site scripting79Not definedOfficial fixCVE-2017-14735
107122OWASP AntiSamy HTML5 Entities HTML injection79Not definedNot definedCVE-2017-14735

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

PreviousOverviewNext

Might our Artificial Intelligence support you?

Check our Alexa App!