Cross Site Scripting Vulnerability (Doc ID 1470634.1)

Last updated on SEPTEMBER 06, 2017

Applies to:

Oracle Communications Order and Service Management - Version 7.0.2 to 7.0.3 [Release 7.0.0]
Information in this document applies to any platform.
Checked for relevance on 29-Dec-2013
***Checked for relevance on 08-Dec-2015***

Symptoms

In OSM Web Client, it is possible to run the script by inserting it into an element. This should not be allowed

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms