Vulnerabilities > Oracle > Application Express

DATE CVE VULNERABILITY TITLE RISK
2021-08-12 CVE-2021-32809 Cross-site Scripting vulnerability in multiple products
ckeditor is an open source WYSIWYG HTML editor with rich content support.
network
low complexity
ckeditor fedoraproject oracle CWE-79
5.4
2021-06-28 CVE-2021-32723 Prism is a syntax highlighting library.
network
low complexity
prismjs oracle
6.5
2021-01-26 CVE-2021-26272 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).
network
low complexity
ckeditor oracle CWE-829
6.5
2021-01-26 CVE-2021-26271 Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin).
network
low complexity
ckeditor oracle CWE-829
6.5
2020-11-12 CVE-2020-27193 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.
network
low complexity
ckeditor oracle CWE-79
6.1
2020-10-30 CVE-2020-7760 Resource Exhaustion vulnerability in multiple products
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2.
network
low complexity
codemirror oracle CWE-400
7.5
2020-10-07 CVE-2020-26870 Cross-site Scripting vulnerability in multiple products
Cure53 DOMPurify before 2.0.17 allows mutation XSS.
network
low complexity
cure53 debian microsoft oracle CWE-79
6.1
2020-07-15 CVE-2020-2977 Unspecified vulnerability in Oracle Application Express
Vulnerability in the Oracle Application Express component of Oracle Database Server.
network
low complexity
oracle
4.6
2020-07-15 CVE-2020-2976 Unspecified vulnerability in Oracle Application Express
Vulnerability in the Oracle Application Express component of Oracle Database Server.
network
low complexity
oracle
5.4
2020-07-15 CVE-2020-2975 Unspecified vulnerability in Oracle Application Express
Vulnerability in the Oracle Application Express component of Oracle Database Server.
network
low complexity
oracle
5.4