CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-2117
https://notcve.org/view.php?id=CVE-2021-2117
20 Jan 2021 — Vulnerability in the Oracle Application Express Survey Builder component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Survey Builder. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Survey Builder, attacks m... • https://www.oracle.com/security-alerts/cpujan2021.html •
CVSS: 6.1EPSS: 0%CPEs: 23EXPL: 0CVE-2020-27193
https://notcve.org/view.php?id=CVE-2020-27193
12 Nov 2020 — A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. Una vulnerabilidad de tipo cross-site scripting (XSS) en el plugin Color Dialog para CKEditor versión 4.15.0, permite a atacantes remotos ejecutar script web arbitrario después de persuadir a un usuario para que copie y pegue código HTML diseñado en una de las entradas del editor • https://ckeditor.com/blog/CKEditor-4.15.1-with-a-security-patch-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 7CVE-2020-7760 – Regular Expression Denial of Service (ReDoS)
https://notcve.org/view.php?id=CVE-2020-7760
30 Oct 2020 — This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)* Esto afecta al paquete codemirror versiones anteriores a 5.58.2; el paquete org.apache.marmotta.webjars:codemirror anterior a 5.58.2. ... • https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14898
https://notcve.org/view.php?id=CVE-2020-14898
21 Oct 2020 — Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Packaged Apps. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Packaged Apps, attacks may ... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14899
https://notcve.org/view.php?id=CVE-2020-14899
21 Oct 2020 — Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may ... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14900
https://notcve.org/view.php?id=CVE-2020-14900
21 Oct 2020 — Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Group Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Group Calendar, attacks m... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14762
https://notcve.org/view.php?id=CVE-2020-14762
21 Oct 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Succes... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14763
https://notcve.org/view.php?id=CVE-2020-14763
21 Oct 2020 — Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significa... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2020-26870
https://notcve.org/view.php?id=CVE-2020-26870
07 Oct 2020 — Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Cure53 DOMPurify versiones anteriores a 2.0.17, permite una mutación de XSS. Esto ocurre porque un viaje de ida y vuelta de análisis serializado no necesariamente devuelve el árbol DOM original, y un espacio de nombres puede cambiar de HTML a MathML, como es demo... • https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2513
https://notcve.org/view.php?id=CVE-2020-2513
15 Jul 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful a... • https://www.oracle.com/security-alerts/cpujul2020.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •