Vulnerabilities > Oracle > Application Express > 3.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-10-21 | CVE-2020-14762 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. network oracle | 4.9 |
2020-10-07 | CVE-2020-26870 | Cross-site Scripting vulnerability in multiple products Cure53 DOMPurify before 2.0.17 allows mutation XSS. | 4.3 |
2020-04-29 | CVE-2020-11023 | Cross-site Scripting vulnerability in multiple products In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
2020-04-15 | CVE-2020-2514 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. network oracle | 4.9 |
2020-03-07 | CVE-2020-9281 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax). | 6.1 |
2019-04-20 | CVE-2019-11358 | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. | 6.1 |
2018-01-18 | CVE-2018-2699 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Application Express component of Oracle Database Server. network oracle | 5.8 |
2017-03-15 | CVE-2016-7103 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. | 6.1 |
2016-07-21 | CVE-2016-3467 | Remote Security vulnerability in Oracle Application Express Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2016-07-21 | CVE-2016-3448 | Remote Security vulnerability in Oracle Application Express Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. network oracle | 5.8 |