Description
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
Affected products
- oracle / oracle8i8.1.7 – 8.1.7