Page 4 of 35 results (0.099 seconds)

CVSS: 8.6EPSS: 2%CPEs: 4EXPL: 0

CVE-2020-14609

https://notcve.org/view.php?id=CVE-2020-14609

15 Jul 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracl... • https://www.oracle.com/security-alerts/cpujul2020.html •

CVSS: 9.8EPSS: 11%CPEs: 81EXPL: 8

CVE-2020-11023 – JQuery Cross-Site Scripting (XSS) Vulnerability

https://notcve.org/view.php?id=CVE-2020-11023

29 Apr 2020 — In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing

CVSS: 9.8EPSS: 86%CPEs: 4EXPL: 1

CVE-2020-2950 – Oracle Business Intelligence AMF Deserialization of Untrusted Data Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2020-2950

15 Apr 2020 — Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.... • https://github.com/tuo4n8/CVE-2020-2950 •

CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 2

CVE-2019-14862 – knockout: Cross-site Scripting (XSS) attacks due to not escaping the name attribute.

https://notcve.org/view.php?id=CVE-2019-14862

03 Dec 2019 — There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. Hay una vulnerabilidad en knockout versiones anteriores a la versión 3.5.0-beta, donde después de escapar del contexto de la aplicación web, la aplicación web entrega datos a sus usuarios junto con otro contenido dinámico seguro, sin comprobarlo. Red Hat Decision Manager is an o... • https://github.com/ossf-cve-benchmark/CVE-2019-14862 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0

CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS

https://notcve.org/view.php?id=CVE-2019-10219

08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •