Hospitality Materials Control Security Vulnerabilities and Issues — Hospitality Materials Control CVE List

Lucene search

OracleHospitality Materials Control

7 matches found

CVE•added 2020/04/29 10:15 p.m.•6922 views

CVE-2020-11022

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

6.9CVSS7.2AI score0.05513EPSS

CVE•added 2018/01/18 11:29 p.m.•2395 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

6.1CVSS6.3AI score0.11238EPSS

CVE•added 2019/04/20 12:29 a.m.•2191 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype.

6.1CVSS6.4AI score0.02394EPSS

CVE•added 2021/10/26 3:15 p.m.•743 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS ...

6.5CVSS6.5AI score0.25367EPSS

CVE•added 2021/10/26 3:15 p.m.•613 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now trea...

6.5CVSS6.4AI score0.1926EPSS

CVE•added 2017/08/08 3:29 p.m.•35 views

CVE-2017-10223

Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Purchasing). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise O...

5.5CVSS4.8AI score0.00198EPSS

CVE•added 2017/08/08 3:29 p.m.•34 views

CVE-2017-10222

Vulnerability in the Oracle Hospitality Materials Control component of Oracle Hospitality Applications (subcomponent: Production Tool). Supported versions that are affected are 8.31.4 and 8.32.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to comprom...

5.5CVSS4.8AI score0.00198EPSS