
CVE-2020-11023 – jQuery Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2020-11023
29 Apr 2020 — In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing

CVE-2020-2514
https://notcve.org/view.php?id=CVE-2020-2514
15 Apr 2020 — Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network access via HTTPS to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle A... • https://www.oracle.com/security-alerts/cpuapr2020.html •

CVE-2020-9281 – Ubuntu Security Notice USN-5340-1
https://notcve.org/view.php?id=CVE-2020-9281
07 Mar 2020 — A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). Kyaw Min Thein discov... • https://github.com/ckeditor/ckeditor4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. ... • https://packetstorm.news/files/id/190328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2018-2699 – Oracle Application Express AnyChart Flash-Based Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-2699
18 Jan 2018 — Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can resu... • https://packetstorm.news/files/id/150975 •

CVE-2016-7103 – jquery-ui: cross-site scripting in dialog closeText
https://notcve.org/view.php?id=CVE-2016-7103
09 Dec 2016 — Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to ... • http://rhn.redhat.com/errata/RHSA-2016-2932.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2016-3448 – Oracle Patches 27 Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3448
20 Jul 2016 — Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.... • https://packetstorm.news/files/id/137976 •

CVE-2016-3467 – Oracle Patches 27 Vulnerabilities
https://notcve.org/view.php?id=CVE-2016-3467
20 Jul 2016 — Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. A total of 27 vulnerabilities have been patched by Oracle. These affect eBusiness Suite R12.x and 11.5, Apex, Primavera, OBIEE, ... • https://packetstorm.news/files/id/137976 •

CVE-2008-1811
https://notcve.org/view.php?id=CVE-2008-1811
16 Apr 2008 — Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors related to flows_030000.wwv_execute_immediate, aka APEX01. NOTE: the previous information was obtained from the April 2008 CPU. Oracle has not commented on reliable researcher claims that APEX01 is for insufficient authorization checks for SQL commands in the run_ddl function in flows_030000.wwv_execute_immediate, allowing privilege escalation by certain non-DBA remote authenticated u... • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=690 •

CVE-2008-1822
https://notcve.org/view.php?id=CVE-2008-1822
16 Apr 2008 — Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and remote attack vectors, aka APEX02. • http://secunia.com/advisories/29829 •