Vulnerabilities > Oracle > Webcenter Sites > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-18 | CVE-2021-45105 | Uncontrolled Recursion vulnerability in multiple products Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. | 5.9 |
| 2021-08-12 | CVE-2021-32808 | ckeditor is an open source WYSIWYG HTML editor with rich content support. | 5.4 |
| 2021-03-19 | CVE-2021-27906 | A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. | 5.5 |
| 2021-03-19 | CVE-2021-27807 | Excessive Iteration vulnerability in multiple products A carefully crafted PDF file can trigger an infinite loop while loading the file. | 5.5 |
| 2021-01-26 | CVE-2021-26272 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin). | 6.5 |
| 2021-01-26 | CVE-2021-26271 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plugin). | 6.5 |
| 2020-07-15 | CVE-2020-14613 | Cross-site Scripting vulnerability in Oracle Webcenter Sites 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). | 6.1 |
| 2020-04-29 | CVE-2020-11023 | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. | 6.1 |
| 2020-01-15 | CVE-2020-2539 | Unspecified vulnerability in Oracle Webcenter Sites 12.2.1.3.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). | 6.1 |
| 2019-10-23 | CVE-2019-12415 | XXE vulnerability in multiple products In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially crafted document can allow an attacker to read files from the local filesystem or from internal network resources via XML External Entity (XXE) Processing. | 5.5 |