CVSS: 6.1EPSS: 0%CPEs: 81EXPL: 1CVE-2015-9251 – jquery: Cross-site scripting via cross-domain ajax requests
https://notcve.org/view.php?id=CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petición Ajax de dominios cruzados sin la opción dataType. Esto provoca que se ejecuten respuestas de texto/javascript. • https://github.com/halkichi0308/CVE-2015-9251 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html http://seclists.org/fulldisclosure/2019/May/10 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2606
https://notcve.org/view.php?id=CVE-2018-2606
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Hospitality Guest Access executes to compromise Oracle Hospitality Guest Access. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data. CVSS 3.0 Base Score 6.2 (Confidentiality impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102579 •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10370
https://notcve.org/view.php?id=CVE-2017-10370
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Guest Access accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101430 •
CVSS: 8.7EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10372
https://notcve.org/view.php?id=CVE-2017-10372
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. While the vulnerability is in Oracle Hospitality Guest Access, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality Guest Access accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Hospitality Guest Access. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101427 •
CVSS: 4.9EPSS: 0%CPEs: 2EXPL: 0CVE-2017-10375
https://notcve.org/view.php?id=CVE-2017-10375
Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). Supported versions that are affected are 4.2.0 and 4.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Guest Access. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Guest Access accessible data as well as unauthorized read access to a subset of Oracle Hospitality Guest Access accessible data. • http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/101434 •