Oracle Application Express

19 matches found

added 2020/04/29 9:15 p.m. | 6689 views

CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3...

CVSS 6.9 | AI score 7.2 | EPSS 0.21987

added 2020/03/07 1:15 a.m. | 1444 views

CVE-2020-9281

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

CVSS 6.1 | AI score 5.4 | EPSS 0.00693

added 2020/10/07 4:15 p.m. | 151 views

CVE-2020-26870

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

CVSS 6.1 | AI score 6.1 | EPSS 0.0029

added 2020/10/30 11:15 a.m. | 144 views

CVE-2020-7760

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDOS vu...

CVSS 7.5 | AI score 6.1 | EPSS 0.0034

added 2020/11/12 9:15 p.m. | 137 views

CVE-2020-27193

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

CVSS 6.1 | AI score 5.9 | EPSS 0.00908

added 2020/04/15 2:15 p.m. | 58 views

CVE-2020-2514

Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged attacker having End User Role privilege with network access via HTTPS to compromise Oracle Application...

CVSS 4.9 | AI score 4 | EPSS 0.00424

added 2020/10/21 3:15 p.m. | 49 views

CVE-2020-14762

Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application E...

CVSS 5.4 | AI score 5.4 | EPSS 0.00185

added 2020/07/15 6:15 p.m. | 49 views

CVE-2020-2513

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express...

CVSS 5.4 | AI score 5.1 | EPSS 0.00283

added 2020/07/15 6:15 p.m. | 48 views

CVE-2020-2971

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express...

CVSS 5.4 | AI score 5.1 | EPSS 0.00185

added 2020/07/15 6:15 p.m. | 48 views

CVE-2020-2972

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express...

CVSS 5.4 | AI score 5.1 | EPSS 0.00241

added 2020/07/15 6:15 p.m. | 46 views

CVE-2020-2975

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express...

CVSS 5.4 | AI score 5.1 | EPSS 0.00185

added 2020/10/21 3:15 p.m. | 45 views

CVE-2020-14900

Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise...

CVSS 5.4 | AI score 5 | EPSS 0.00185

added 2020/07/15 6:15 p.m. | 45 views

CVE-2020-2973

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express...

CVSS 5.4 | AI score 5.1 | EPSS 0.00185

added 2020/10/21 3:15 p.m. | 40 views

CVE-2020-14763

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Ora...

CVSS 5.4 | AI score 5.3 | EPSS 0.00185

added 2020/07/15 6:15 p.m. | 40 views

CVE-2020-2974

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express...

CVSS 5.4 | AI score 5.1 | EPSS 0.00185

added 2020/07/15 6:15 p.m. | 38 views

CVE-2020-2977

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application E...

CVSS 4.9 | AI score 4.1 | EPSS 0.00185

added 2020/07/15 6:15 p.m. | 37 views

CVE-2020-2976

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express...

CVSS 5.4 | AI score 5.1 | EPSS 0.00185

added 2020/10/21 3:15 p.m. | 36 views

CVE-2020-14899

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise ...

CVSS 5.4 | AI score 5 | EPSS 0.00185

added 2020/10/21 3:15 p.m. | 34 views

CVE-2020-14898

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise ...

CVSS 5.4 | AI score 5 | EPSS 0.00185