Oracle Identity Management suffers from a reflected cross site scripting POST injection vulnerability when parsing user input to the 'username' parameter via POST method thru '/usermanagement/forgotpassword/index.jsp' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session. Version 10.1.4.0.1 is affected.
11ad165297c46531c1bd989c2c880dd5e46fce591848aa84984ee7c5353bca88