ulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Scripting Admin). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Scripting accessible data as well as unauthorized read access to a subset of Oracle Scripting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
| Link | Resource |
|---|---|
| https://www.oracle.com/security-alerts/cpujan2026.html | Vendor Advisory |
29 Jan 2026, 20:40
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.oracle.com/security-alerts/cpujan2026.html - Vendor Advisory | |
| First Time |
Oracle
Oracle scripting |
|
| CPE | cpe:2.3:a:oracle:scripting:*:*:*:*:*:*:*:* |
21 Jan 2026, 16:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 |
20 Jan 2026, 22:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Published : 2026-01-20 22:15
Updated : 2026-01-29 20:40
NVD link : CVE-2026-21943
Mitre link : CVE-2026-21943
CVE.ORG link : CVE-2026-21943
JSON object : View
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')