CVSS: 6.1EPSS: 2%CPEs: 218EXPL: 9CVE-2019-11358 – jQuery 3.3.1 - Prototype Pollution & XSS Exploit
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://packetstorm.news/files/id/190328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3475
https://notcve.org/view.php?id=CVE-2016-3475
21 Jul 2016 — Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console. Vulnerabilidad no especificada en el componente Oracle Knowledge en Oracle Siebel CRM 8.5.x permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con Information Manager Console. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-3476
https://notcve.org/view.php?id=CVE-2016-3476
21 Jul 2016 — Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console. Vulnerabilidad no especificada en el componente Oracle Knowledge en Oracle Siebel CRM 8.5.x permite a atacantes remotos afectar la confidencialidad y la integridad a través de vectores relacionados con Information Manager Console. • http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html •