Vulnerabilities > Oracle > Webcenter Portal > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-23 | CVE-2019-12415 | XXE vulnerability in multiple products In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | 5.5 |
| 2019-01-16 | CVE-2019-2427 | Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.3.0 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). | 5.3 |
| 2018-10-17 | CVE-2018-3254 | Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.3.0 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: WebCenter Spaces Application). | 5.3 |
| 2018-08-02 | CVE-2018-8032 | Cross-site Scripting vulnerability in multiple products Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. | 6.1 |
| 2018-07-18 | CVE-2018-3101 | Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.2.0/12.2.1.3.0 Vulnerability in the Oracle WebCenter Portal component of Oracle Fusion Middleware (subcomponent: Portlet Services). | 5.3 |
| 2017-12-01 | CVE-2017-15707 | Improper Input Validation vulnerability in multiple products In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated JSON-lib library which is vulnerable and allow perform a DoS attack using malicious request with specially crafted JSON payload. | 6.2 |