An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser.
5.4CVSS
5.5AI Score
0.001EPSS
Userβs supplied input (usually a CRLF sequence) can be used to split a returning response into two responses.
6.1CVSS
6.2AI Score
0.001EPSS
Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application
6.1CVSS
6AI Score
0.001EPSS