CVSS: 6.1EPSS: 0%CPEs: 81EXPL: 1CVE-2015-9251 – jquery: Cross-site scripting via cross-domain ajax requests
https://notcve.org/view.php?id=CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petición Ajax de dominios cruzados sin la opción dataType. Esto provoca que se ejecuten respuestas de texto/javascript. • https://github.com/halkichi0308/CVE-2015-9251 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html http://seclists.org/fulldisclosure/2019/May/10 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2018-2620
https://notcve.org/view.php?id=CVE-2018-2620
Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Platform). Supported versions that are affected are 10.x, 15.x, 16.x and 17.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Primavera Unifier accessible data as well as unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html http://www.securityfocus.com/bid/102583 http://www.securitytracker.com/id/1040213 •
CVSS: 4.9EPSS: 0%CPEs: 8EXPL: 0CVE-2017-10149
https://notcve.org/view.php?id=CVE-2017-10149
Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data as well as unauthorized read access to a subset of Primavera Unifier accessible data. • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99780 http://www.securitytracker.com/id/1038946 •
CVSS: 4.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-10150
https://notcve.org/view.php?id=CVE-2017-10150
Vulnerability in the Primavera Unifier component of Oracle Primavera Products Suite (subcomponent: Platform). Supported versions that are affected are 9.13, 9.14, 10.1, 10.2, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera Unifier. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera Unifier accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). • http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html http://www.securityfocus.com/bid/99800 http://www.securitytracker.com/id/1038946 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1CVE-2016-4055
https://notcve.org/view.php?id=CVE-2016-4055
The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." La función duration en el paquete moment en versiones anteriores a 2.11.2 para Node.js permite a atacantes remotos provocar una denegación de servicio (consumo de CPU ) a través de una cadena larga, vulnerabilidad también conocida como "Denial of Service (ReDoS) de expresión regular". • http://www.openwall.com/lists/oss-security/2016/04/20/11 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.securityfocus.com/bid/95849 https://lists.apache.org/thread.html/10f0f3aefd51444d1198c65f44ffdf2d78ca3359423dbc1c168c9731%40%3Cdev.flink.apache.org%3E https://lists.apache.org/thread.html/17ff53f7999e74fbe3cc0ceb4e1c3b00b180b7c5afec8e978837bc49%40%3Cuser.flink.apache.org%3E https://lists.apache.org/thread.html/52bafac05ad174000ea465fe275fd3cc7bd5c25535a7631c0bc9bfb2%40%3Cuser.flink.apache.org%3E https:/ • CWE-400: Uncontrolled Resource Consumption •