Vulnerabilities > Oracle > Utilities Framework > 4.3.0.4

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-10173 Code Injection vulnerability in multiple products
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw.
network
low complexity
x-stream oracle CWE-94
critical
 9.8
9.8
2018-08-20 CVE-2018-1000632 XML Injection (aka Blind XPath Injection) vulnerability in multiple products
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element.
network
low complexity
dom4j-project debian oracle redhat netapp CWE-91
7.5
7.5
2018-01-18 CVE-2015-9251 Cross-site Scripting vulnerability in multiple products
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
network
low complexity
jquery oracle CWE-79
6.1
6.1