Oracle RDC Onsite XSS Vulnerability

October 18, 2011

Michael Schmidt from Compass Security identified a vulnerability in an Oracle product. It is possible to insert JavaScript code into the search form of the RDC Onsite Help form. This JavaScript code is returned to the user without critical characters being replaced by their corresponding HTML entities. Oracle confirmed this vulnerability and released a patch.

Oracle Tracking ID: 18244549
Advisory Date: 2011-10-18
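The class of flaw described above, shown as an added example that is not Oracle's code or part of the original advisory: a search term echoed into a page with and without entity encoding, plus a regression check that reports which critical characters come back raw. The page fragment, the field name `q` and the probe marker are hypothetical.

```python
import html

# Characters that must never be reflected raw into HTML text or attribute values.
CRITICAL = '<>"\'&'


def render_search_vulnerable(term: str) -> str:
    """Behaviour described in the advisory: the term is echoed unchanged."""
    return (f'<form><input name="q" value="{term}"></form>'
            f'<p>Results for: {term}</p>')


def render_search_fixed(term: str) -> str:
    """Same hypothetical fragment, with the term entity-encoded on output."""
    safe = html.escape(term, quote=True)  # & < > " ' become entities
    return (f'<form><input name="q" value="{safe}"></form>'
            f'<p>Results for: {safe}</p>')


def reflected_raw(render, marker: str = "xss7probe") -> list:
    """Return the critical characters that `render` reflects unencoded.

    Each character is sent on its own between two copies of a unique marker,
    so a hit cannot be confused with markup the template itself contains.
    """
    leaked = []
    for ch in CRITICAL:
        probe = f"{marker}{ch}{marker}"
        if probe in render(probe):
            leaked.append(ch)
    return leaked


if __name__ == "__main__":
    # Constructed sample input, not taken from the advisory.
    sample = "<script>alert(1)</script>"
    print("vulnerable:", render_search_vulnerable(sample))
    print("fixed:     ", render_search_fixed(sample))
    print("raw in vulnerable renderer:", reflected_raw(render_search_vulnerable))
    print("raw in fixed renderer:     ", reflected_raw(render_search_fixed))
```

A check like `reflected_raw` can be pointed at any function that returns a response body for a given search term, which makes it usable as a regression test after patching.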
