Oracle Cross Site Scripting Vulnerability -Adesh Kolte
Adesh Nandkishor Kolte (An Independent Cyber Security Resercher)
Founder of Toss Consultancy Pvt Ltd
Oracle Enterprise Performance Management Workspace
Vulnerable URL :
Technical Details & Description:
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can
execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate
website or web application. XSS is amongst the most rampant of web application
vulnerabilities and occurs when a web application makes use of unvalidated or unencoded
user input within the output it generates.
By leveraging XSS, an attacker does not target a victim directly. Instead, an attacker would
exploit a vulnerability within a website or web application that the victim would visit, essentially
using the vulnerable website as a vehicle to deliver a malicious script to the victim’s browser.
How Cross-site Scripting works
way to inject a payload into a web page that the victim visits. Of course, an attacker could use
social engineering techniques to convince a user to visit a vulnerable page with an injected
In order for an XSS attack to take place the vulnerable website needs to directly include user
input in its pages. An attacker can then insert a string that will be used within the web page
and treated as code by the victim’s browser.
How to reproduce this issue?
1. Visit This URL It will alert a xss POPUP
Proof Of Concept:
Hall Of Fame:
Thanks For Reading :)