Vulnerabilities > Oracle > Application Express > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-04-29 CVE-2020-11023 Cross-site Scripting vulnerability in multiple products
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e.
6.1
2020-04-15 CVE-2020-2514 Unspecified vulnerability in Oracle Application Express
Vulnerability in the Oracle Application Express component of Oracle Database Server.
network
low complexity
oracle
4.6
2020-03-07 CVE-2020-9281 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
network
low complexity
ckeditor fedoraproject drupal oracle CWE-79
6.1
2019-11-08 CVE-2019-10219 Cross-site Scripting vulnerability in multiple products
A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle CWE-79
6.1
2019-04-20 CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. 6.1
2018-01-18 CVE-2018-2699 Unspecified vulnerability in Oracle Application Express
Vulnerability in the Application Express component of Oracle Database Server.
network
low complexity
oracle
6.1
2017-03-15 CVE-2016-7103 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
6.1
2016-07-21 CVE-2016-3467 Unspecified vulnerability in Oracle Application Express
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors.
network
low complexity
oracle
5.8
2016-07-21 CVE-2016-3448 Unspecified vulnerability in Oracle Application Express
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.
network
low complexity
oracle
6.1