Hospitality Materials Control Security Vulnerabilities and Issues — Hospitality Materials Control CVE List

Lucene search

OracleHospitality Materials Control

7 matches found

CVE•added 2020/04/29 10:15 p.m.•6956 views

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

6.9CVSS7.2AI score0.02566EPSS

CVE•added 2018/01/18 11:29 p.m.•2415 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

6.1CVSS6.3AI score0.11287EPSS

CVE•added 2019/04/20 12:29 a.m.•2216 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.01294EPSS

CVE•added 2021/10/26 3:15 p.m.•753 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS ...

6.5CVSS6.5AI score0.29896EPSS

CVE•added 2021/10/26 3:15 p.m.•624 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now trea...

6.5CVSS6.4AI score0.26482EPSS

CVE•added 2017/08/08 3:29 p.m.•35 views

CVE-2017-10223

Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise O...

5.5CVSS4.8AI score0.00198EPSS

CVE•added 2017/08/08 3:29 p.m.•34 views

CVE-2017-10222

Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to comprom...

5.5CVSS4.8AI score0.00198EPSS