Oracle

Application Express

47 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-27193

  • EPSS 0.91%
  • Veröffentlicht 12.11.2020 21:15:11
  • Zuletzt bearbeitet 21.11.2024 05:20:50

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

7.5

CVE-2020-7760

Exploit
  • EPSS 0.34%
  • Veröffentlicht 30.10.2020 11:15:12
  • Zuletzt bearbeitet 21.11.2024 05:37:45

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836...

4.9

CVE-2020-14899

  • EPSS 0.19%
  • Veröffentlicht 21.10.2020 15:15:26
  • Zuletzt bearbeitet 21.11.2024 05:04:26

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account priv...

4.9

CVE-2020-14900

  • EPSS 0.19%
  • Veröffentlicht 21.10.2020 15:15:26
  • Zuletzt bearbeitet 21.11.2024 05:04:26

Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account pri...

4.9

CVE-2020-14898

  • EPSS 0.19%
  • Veröffentlicht 21.10.2020 15:15:26
  • Zuletzt bearbeitet 21.11.2024 05:04:26

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account priv...

4.9

CVE-2020-14763

  • EPSS 0.19%
  • Veröffentlicht 21.10.2020 15:15:17
  • Zuletzt bearbeitet 21.11.2024 05:04:05

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privile...

4.9

CVE-2020-14762

  • EPSS 0.19%
  • Veröffentlicht 21.10.2020 15:15:16
  • Zuletzt bearbeitet 21.11.2024 05:04:05

Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network a...

6.1

CVE-2020-26870

Exploit
  • EPSS 0.29%
  • Veröffentlicht 07.10.2020 16:15:18
  • Zuletzt bearbeitet 21.11.2024 05:20:23

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

5.4

CVE-2020-2971

  • EPSS 0.19%
  • Veröffentlicht 15.07.2020 18:15:38
  • Zuletzt bearbeitet 21.11.2024 05:26:45

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access ...

5.4

CVE-2020-2972

  • EPSS 0.24%
  • Veröffentlicht 15.07.2020 18:15:38
  • Zuletzt bearbeitet 21.11.2024 05:26:45

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access ...