SEC Consult Security Advisory 20051223-1 - Arbitrary files on the system, such as those in the WEB-INF directory, can be read through the OracleAS Discussion Forum Portlet. An attacker needs to know the file names.
775697c50859caa89bbb921a8a51d9bd892979eb7a28b8ba315d443a6c2d066a
SEC Consult Security Advisory 20051223-0 - The OracleAS Discussion Forum Portlet suffers from multiple cross-site scripting vulnerabilities. For example, it is possible to create relogin trojans, steal session cookies, alter the content of the site, or hide articles which don't show up in the overview page.
d04346051912499b9c28f07d881f6390328e316d05d29a873a9d1b5b4f88b1a6