#############################################################
#
# COMPASS SECURITY ADVISORY
# http://www.csnc.ch/en/downloads/advisories.html
#
#############################################################
#
# Product: Oracle UIX
# Vendor: Oracle
# CVE ID: -
# Oracle Tracking ID: 18244549
# Subject: Cross Site Scripting
# Risk: High
# Effect: Remotely exploitable
# Author: Michael Schmidt
# Date: 2011-10-18
#
#############################################################

Introduction:
-------------

XSS IN THE HELP PAGE SEARCH FIELD OF THE ONLINE HELP FOR ORACLE RDC ONSITE

Affected:
---------

Vulnerable:
 * Oracle UIX 2.3.6

Not vulnerable:
 * [no further versions tested]

Not tested:
 * [no further versions tested]

Technical Description
---------------------

It is possible to insert JavaScript code into the search form of the RDC Onsite Help form. This JavaScript code is returned to the user without the critical characters being replaced by their corresponding HTML entities, so the browser interprets the reflected input as markup and script instead of as text.

Timeline:
---------

2011-10-18: Issue fixed by vendor - security patch released
2010-08-19: Initial vendor response - issue is accepted and will be fixed in main code line
2010-08-18: Initial vendor notification
2010-08-17: Discovery by Michael Schmidt

References:
-----------

http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
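To make the technical description concrete, the following is an added example (not Oracle's code and not part of the original advisory) showing, in Python, a help-search results page that reflects the query once verbatim, as the advisory describes, and once with the critical characters replaced by their HTML entities. The page template, function names and probe strings are constructed for illustration and do not come from Oracle UIX.

```python
import html

# Constructed results-page template (hypothetical, not UIX's). The search term
# is echoed in two contexts: inside an attribute value and in the page body.
RESULTS_TEMPLATE = (
    '<html><body>'
    '<form action="/help/search"><input name="q" value="{attr}"></form>'
    '<p>Results for: {body}</p>'
    '</body></html>'
)

# The critical characters and the entities they must become before a
# user-supplied value is written into HTML.
CRITICAL = {'&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;'}


def render_unsafe(query: str) -> str:
    """Reflect the search term verbatim: the defect pattern the advisory describes."""
    return RESULTS_TEMPLATE.format(attr=query, body=query)


def escape_html(value: str) -> str:
    """Replace every critical character with its HTML entity."""
    return ''.join(CRITICAL.get(ch, ch) for ch in value)


def matches_stdlib(value: str) -> bool:
    """Cross-check: our table agrees with html.escape(quote=True)."""
    return escape_html(value) == html.escape(value, quote=True)


def render_safe(query: str) -> str:
    """Reflect the search term with entity encoding applied in both contexts."""
    safe = escape_html(query)
    return RESULTS_TEMPLATE.format(attr=safe, body=safe)


def reflects_raw_markup(page: str, query: str) -> bool:
    """Detection check: a query containing a critical character came back unchanged."""
    return any(ch in query for ch in CRITICAL) and query in page


if __name__ == '__main__':
    probe = '"><i>probe</i>'          # constructed, markup-only test input
    print('unsafe reflects raw markup:', reflects_raw_markup(render_unsafe(probe), probe))
    print('safe reflects raw markup:  ', reflects_raw_markup(render_safe(probe), probe))
```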