16 results (0.016 seconds)

CVSS: 6.5EPSS: 0%CPEs: 429EXPL: 0

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0160 https://access.redhat.com/errata/RHSA-2020:0161 https://access.redhat.com/errata/RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0445 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219 https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba0911 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Help screens. Vulnerabilidad no especificada en el componente Oracle Application Object Library en Oracle E-Business Suite 11.5.10.2, permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con Help screens. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032926 •

CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Web Management. Vulnerabilidad no especificada en el componente Oracle Marketing en Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3 y 12.2.4, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Web Management. • http://seclists.org/fulldisclosure/2015/Oct/33 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032926 •

CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 0

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Input validation. Vulnerabilidad no especificada en el componente Oracle Application Object Library en Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3 y 12.2.4, permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con la validación de entrada. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032926 •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the Technology stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Applet startup. Vulnerabilidad no especificada en el componente de pila Technology en Oracle E-Business Suite 11.5.10.2, 12.0.6 y 12.1.3, permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Applet startup. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032926 •