Oracle

Webcenter Sites

53 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2019-2579

  • EPSS 59.99%
  • Published 23.04.2019 19:32:49
  • Last modified 21.11.2024 04:41:08

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access v...

8.6

CVE-2019-2578

  • EPSS 68.92%
  • Published 23.04.2019 19:32:49
  • Last modified 21.11.2024 04:41:08

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access ...

7.5

CVE-2019-5427

Exploit
  • EPSS 6.91%
  • Published 22.04.2019 21:29:00
  • Last modified 05.09.2025 17:23:58

c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration.

6.1

CVE-2019-11358

Exploit
  • EPSS 2.4%
  • Published 20.04.2019 00:29:00
  • Last modified 21.11.2024 04:20:56

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...

9.8

CVE-2019-0228

  • EPSS 7.84%
  • Published 17.04.2019 15:29:00
  • Last modified 21.11.2024 04:16:32

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

7.5

CVE-2018-15756

  • EPSS 13.38%
  • Published 18.10.2018 22:29:00
  • Last modified 21.11.2024 03:51:24

Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler,...

6.9

CVE-2018-3238

  • EPSS 30.48%
  • Published 17.10.2018 01:31:25
  • Last modified 21.11.2024 04:05:30

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows high privileged attacker with network access ...

8.2

CVE-2018-2791

  • EPSS 87.02%
  • Published 19.04.2018 02:29:03
  • Last modified 21.11.2024 04:04:27

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated att...

6.1

CVE-2015-9251

  • EPSS 9.84%
  • Published 18.01.2018 23:29:00
  • Last modified 21.11.2024 02:40:09

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

4.3

CVE-2018-2584

  • EPSS 0.2%
  • Published 18.01.2018 02:29:18
  • Last modified 21.11.2024 04:03:59

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). The supported version that is affected is 11.1.1.8.0. Easily exploitable vulnerability allows low privileged attacker with network access v...