CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 9CVE-2019-11358 – jQuery 3.3.1 - Prototype Pollution & XSS Exploit
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://packetstorm.news/files/id/190328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2847
https://notcve.org/view.php?id=CVE-2018-2847
19 Apr 2018 — Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony First Edition accessible d... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-2848
https://notcve.org/view.php?id=CVE-2018-2848
19 Apr 2018 — Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony First Edit... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2851
https://notcve.org/view.php?id=CVE-2018-2851
19 Apr 2018 — Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Enterprise Management Console). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hospitality ... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2853
https://notcve.org/view.php?id=CVE-2018-2853
19 Apr 2018 — Vulnerability in the Oracle Hospitality Simphony First Edition component of Oracle Hospitality Applications (subcomponent: Operations, Client Application Loader). Supported versions that are affected are 1.6 and 1.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony First Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Simphony First ... • http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html •