Vulnerabilities > Oracle > Application Express > 4.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-21 | CVE-2021-2460 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. network oracle | 4.9 |
2021-06-28 | CVE-2021-32723 | Resource Exhaustion vulnerability in multiple products Prism is a syntax highlighting library. | 4.3 |
2021-01-26 | CVE-2021-26272 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). | 4.3 |
2021-01-26 | CVE-2021-26271 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | 4.3 |
2020-11-12 | CVE-2020-27193 | Cross-site Scripting vulnerability in multiple products A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | 4.3 |
2020-10-30 | CVE-2020-7760 | Resource Exhaustion vulnerability in multiple products This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. | 5.0 |
2020-10-21 | CVE-2020-14900 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. network oracle | 4.9 |
2020-10-21 | CVE-2020-14899 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. network oracle | 4.9 |
2020-10-21 | CVE-2020-14898 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. network oracle | 4.9 |
2020-10-21 | CVE-2020-14763 | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. network oracle | 4.9 |