Is The Endeca MDEX 6.x Susceptible To XSS Attacks?

(Doc ID 1505925.1)

Last updated on MAY 26, 2017

Applies to:

Oracle Commerce Guided Search / Oracle Commerce Experience Manager - Version 6.1.1 and later
Information in this document applies to any platform.


Our administrator is claiming that the Dgraph process is prone to XSS (Cross-Site Scripting) javascripts attacks. Is this true?  Will the Dgraph execute javascripts sent to it?


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms