Full title: Oracle Application Express AnyChart Flash-Based Cross Site Scripting Vulnerability
Category: web applications
Platform: multiple

Oracle Application Express versions prior to 5.1.4.00.08 suffer from a cross site scripting vulnerability. The vulnerability is located in the OracleAnyChart.swf file. User input passed through the "__externalobjid" GET parameter is not properly sanitized before being passed to the "ExternalInterface.call" method.
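
As an added example (not part of the original advisory), here is a log check a defender could run to find requests to OracleAnyChart.swf whose "__externalobjid" value is anything other than a plain identifier. The allowlist pattern, the access-log layout, and the sample paths and addresses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate object id is a short plain identifier.
# Tune this allowlist to what your own charts actually send.
SAFE_OBJID = re.compile(r"[A-Za-z0-9_.\-]{1,64}")
SWF_NAME = "oracleanychart.swf"
PARAM = "__externalobjid"
# Request field of a common/combined-format access log line (assumed layout).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_objid_values(url):
    """Return the __externalobjid values in a request URL that fail the allowlist."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/" + SWF_NAME):
        return []  # not a request for the affected SWF
    # parse_qs percent-decodes, so encoded quotes and brackets are seen as-is.
    params = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name, values in params.items():
        if name.lower() == PARAM:
            # An empty value also fails the allowlist and is reported.
            hits.extend(v for v in values if not SAFE_OBJID.fullmatch(v))
    return hits


def scan_access_log(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match is None:
            continue
        for value in suspicious_objid_values(match.group(1)):
            findings.append((number, value))
    return findings


# Constructed sample lines: placeholder path, documentation-range addresses.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2018:10:00:00 +0000] "GET /path/to/OracleAnyChart.swf?__externalobjid=chart_1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2018:10:00:05 +0000] "GET /path/to/OracleAnyChart.swf?__externalobjid=a%22b%29 HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2018:10:00:09 +0000] "GET /path/to/other.swf?__externalobjid=a%22b HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: unexpected {PARAM} value {value!r}")
```

A hit only shows that a request carried an unexpected value; whether the installation is affected depends on the Application Express version, per the advisory.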