Vulnerabilities > Oracle > Apex > 2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-07-18 | CVE-2007-3860 | SQL-Injection vulnerability in Apex Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. | 7.5 |
| 2007-07-18 | CVE-2007-3854 | Unspecified vulnerability in Oracle products Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). | 5.5 |
| 2007-03-07 | CVE-2006-7158 | Cross-Site Scripting vulnerability in Oracle Apex 2.0/2.1/2.2 Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. network oracle | 4.3 |
| 2006-10-28 | CVE-2006-5599 | Cross-Site Scripting vulnerability in Oracle Apex 2.2 Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. network oracle | 4.3 |