CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14899
https://notcve.org/view.php?id=CVE-2020-14899
21 Oct 2020 — Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Data Reporter. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Data Reporter, attacks may ... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14900
https://notcve.org/view.php?id=CVE-2020-14900
21 Oct 2020 — Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Group Calendar. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Group Calendar, attacks m... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14762
https://notcve.org/view.php?id=CVE-2020-14762
21 Oct 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Succes... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14763
https://notcve.org/view.php?id=CVE-2020-14763
21 Oct 2020 — Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express Quick Poll. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express Quick Poll, attacks may significa... • https://www.oracle.com/security-alerts/cpuoct2020.html •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 1CVE-2020-26870
https://notcve.org/view.php?id=CVE-2020-26870
07 Oct 2020 — Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements. Cure53 DOMPurify versiones anteriores a 2.0.17, permite una mutación de XSS. Esto ocurre porque un viaje de ida y vuelta de análisis serializado no necesariamente devuelve el árbol DOM original, y un espacio de nombres puede cambiar de HTML a MathML, como es demo... • https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2513
https://notcve.org/view.php?id=CVE-2020-2513
15 Jul 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful a... • https://www.oracle.com/security-alerts/cpujul2020.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2971
https://notcve.org/view.php?id=CVE-2020-2971
15 Jul 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful a... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2972
https://notcve.org/view.php?id=CVE-2020-2972
15 Jul 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful a... • https://www.oracle.com/security-alerts/cpujul2020.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2973
https://notcve.org/view.php?id=CVE-2020-2973
15 Jul 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful a... • https://www.oracle.com/security-alerts/cpujul2020.html •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2974
https://notcve.org/view.php?id=CVE-2020-2974
15 Jul 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful a... • https://www.oracle.com/security-alerts/cpujul2020.html •