Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Hospitality Materials Control Security Vulnerabilities

cve
cve

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.5CVSS

6.2AI Score

0.004EPSS

2021-10-26 03:15 PM
278
8
cve
cve

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS....

6.5CVSS

6.2AI Score

0.004EPSS

2021-10-26 03:15 PM
404
8
cve
cve

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery...

6.9CVSS

6.8AI Score

0.061EPSS

2020-04-29 10:15 PM
5379
In Wild
18
cve
cve

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native...

6.1CVSS

6.4AI Score

0.035EPSS

2019-04-20 12:29 AM
1198
In Wild
6
cve
cve

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be...

6.1CVSS

6.3AI Score

0.007EPSS

2018-01-18 11:29 PM
1686
5
cve
cve

CVE-2017-10223

Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise.....

5.4CVSS

4.8AI Score

0.001EPSS

2017-08-08 03:29 PM
21
cve
cve

CVE-2017-10222

Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

5.4CVSS

4.8AI Score

0.001EPSS

2017-08-08 03:29 PM
23