Vulnerabilities > Oracle > Communications Converged Application Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-06 | CVE-2018-1270 | Code Injection vulnerability in multiple products Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 9.8 |
| 2018-01-18 | CVE-2015-9251 | Cross-site Scripting vulnerability in multiple products jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |