Is The Endeca MDEX 6.x Susceptible To XSS Attacks? (Doc ID 1505925.1)

Last updated on MAY 26, 2017

Applies to:

Oracle Commerce Guided Search / Oracle Commerce Experience Manager - Version 6.1.1 and later
Information in this document applies to any platform.

Goal

Our administrator is claiming that the Dgraph process is prone to XSS (Cross-Site Scripting) JavaScript attacks. Is this true? Will the Dgraph execute JavaScript sent to it?

Solution
