Oracle XSQL servlet 1.0.3.0 and previous versions allows remote malicious users to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle oracle8i 8.1.7 |