Vulnerabilities > Oracle > Peoplesoft Enterprise Peopletools > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-15 CVE-2020-14558 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).
network
low complexity
oracle
5.3
2020-05-19 CVE-2020-7656 Cross-site Scripting vulnerability in multiple products
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method.
network
low complexity
jquery oracle netapp juniper CWE-79
6.1
2020-04-29 CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. 6.1
2020-04-15 CVE-2020-2868 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Diagnostic Framework).
network
low complexity
oracle
6.1
2020-04-15 CVE-2020-2797 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Process Scheduler).
network
low complexity
oracle
6.1
2020-04-15 CVE-2020-2775 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).
network
low complexity
oracle
5.3
2020-04-15 CVE-2020-2751 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).
network
low complexity
oracle
6.1
2020-04-01 CVE-2020-1954 Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus.
high complexity
apache oracle netapp
5.3
2020-03-07 CVE-2020-9281 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).
network
low complexity
ckeditor fedoraproject drupal oracle CWE-79
6.1
2020-01-15 CVE-2020-2687 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Elastic Search).
network
low complexity
oracle
4.3