Vulnerabilities > Oracle > Hospitality Guest Access > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-11 | CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. | 6.5 |
| 2018-04-19 | CVE-2018-2852 | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0/4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 6.4 |
| 2018-02-28 | CVE-2018-1304 | The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. | 5.9 |
| 2018-01-18 | CVE-2015-9251 | Cross-site Scripting vulnerability in multiple products jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |
| 2018-01-18 | CVE-2018-2607 | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 4.9 |
| 2018-01-18 | CVE-2018-2606 | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0/4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 6.2 |
| 2017-10-19 | CVE-2017-10383 | Information Exposure vulnerability in Oracle Hospitality Guest Access 4.2.0/4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Interface). | 5.3 |
| 2017-10-19 | CVE-2017-10375 | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0/4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 4.6 |
| 2017-10-19 | CVE-2017-10370 | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0/4.2.1 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 6.9 |
| 2017-08-08 | CVE-2017-10219 | Unspecified vulnerability in Oracle Hospitality Guest Access 4.2.0.0/4.2.1.0 Vulnerability in the Oracle Hospitality Guest Access component of Oracle Hospitality Applications (subcomponent: Base). | 5.5 |