CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 1CVE-2016-7103 – jquery-ui: cross-site scripting in dialog closeText
https://notcve.org/view.php?id=CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Vulnerabilidad de XSS en la interfaz de usuario de jQuery en versiones anteriores a 1.12.0 podría permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro closeText de la función dialog. It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user. • http://rhn.redhat.com/errata/RHSA-2016-2932.html http://rhn.redhat.com/errata/RHSA-2016-2933.html http://rhn.redhat.com/errata/RHSA-2017-0161.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/104823 https://github.com/jquery/api.jqueryui.com/issues/281 https://github.com/jquery/jquery-ui/commit/9644e7bae9116edaf8d37c5b38cb32b892f10ff6 https://jqueryui.com/changelog/1.12.0 https://lists.apache.org/thread.html/519eb0fd45642dcecd9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 1%CPEs: 3EXPL: 1CVE-2016-3473 – Oracle BI Publisher 11.1.1.6.0/11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 - XML External Entity Injection
https://notcve.org/view.php?id=CVE-2016-3473
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente BI Publisher (anteriormente XML Publisher) en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0 y 12.2.1.0.0 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. • https://www.exploit-db.com/exploits/40590 http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html http://www.securityfocus.com/bid/93719 http://www.securitytracker.com/id/1037051 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2016-3432
https://notcve.org/view.php?id=CVE-2016-3432
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Server. Vulnerabilidad no especificada en el componente BI Publisher (anteriormente XML Publisher) en Oracle Fusion Middleware 11.1.1.7.0 y 11.1.1.9.0 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores relacionados con Web Server. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/92033 http://www.securitytracker.com/id/1036370 •
CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3474
https://notcve.org/view.php?id=CVE-2016-3474
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security. Vulnerabilidad no especificada en el componente BI Publisher (anteriormente XML Publisher) en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0 y 12.2.1.0.0 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con Security. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/92027 http://www.securitytracker.com/id/1036370 •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2016-3544
https://notcve.org/view.php?id=CVE-2016-3544
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 11.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General. Vulnerabilidad no especificada en el componente Oracle Business Intelligence Enterprise Edition en Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0 y 11.2.1.0.0 permite a usuarios remotos autenticados afectar la confidencialidad y la integridad a través de vectores relacionados con Analytics Web General. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.securityfocus.com/bid/91787 http://www.securityfocus.com/bid/92028 http://www.securitytracker.com/id/1036370 •