Vulnerabilities > Oracle > Agile Product Lifecycle Management FOR Process > 6.2.0.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-29	CVE-2020-11022	Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. network low complexity jquery drupal debian fedoraproject oracle netapp opensuse tenable CWE-79	6.1
2019-04-20	CVE-2019-11358	jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. network low complexity jquery debian drupal backdropcms fedoraproject opensuse netapp redhat oracle joomla juniper	6.1
2018-10-17	CVE-2018-3134	Unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process 6.2.0.0 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: User Group Management). local high complexity oracle	2.6
2018-07-18	CVE-2018-3069	Unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process 6.2.0.0 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). network low complexity oracle	4.0
2018-04-19	CVE-2018-2572	Unspecified vulnerability in Oracle Agile Product Lifecycle Management for Process 6.1.1.6/6.2.0.0/6.2.1.0 Vulnerability in the Oracle Agile Product Lifecycle Management for Process component of Oracle Supply Chain Products Suite (subcomponent: Installation). network oracle	5.8
2018-01-18	CVE-2015-9251	Cross-site Scripting vulnerability in multiple products jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. network low complexity jquery oracle CWE-79	6.1
2016-10-25	CVE-2016-5504	Information Exposure vulnerability in Oracle Agile Product Lifecycle Management for Process 6.1.0.4/6.1.1.6/6.2.0.0 Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal. local high complexity oracle CWE-200	4.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.