Oracle

Application Express

47 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2020-27193

  • EPSS 0.91%
  • Published 12.11.2020 21:15:11
  • Last modified 21.11.2024 05:20:50

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

7.5

CVE-2020-7760

Exploit
  • EPSS 0.34%
  • Published 30.10.2020 11:15:12
  • Last modified 21.11.2024 05:37:45

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836...

4.9

CVE-2020-14899

  • EPSS 0.19%
  • Published 21.10.2020 15:15:26
  • Last modified 21.11.2024 05:04:26

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account priv...

4.9

CVE-2020-14900

  • EPSS 0.19%
  • Published 21.10.2020 15:15:26
  • Last modified 21.11.2024 05:04:26

Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account pri...

4.9

CVE-2020-14898

  • EPSS 0.19%
  • Published 21.10.2020 15:15:26
  • Last modified 21.11.2024 05:04:26

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account priv...

4.9

CVE-2020-14763

  • EPSS 0.19%
  • Published 21.10.2020 15:15:17
  • Last modified 21.11.2024 05:04:05

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privile...

4.9

CVE-2020-14762

  • EPSS 0.19%
  • Published 21.10.2020 15:15:16
  • Last modified 21.11.2024 05:04:05

Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network a...

6.1

CVE-2020-26870

Exploit
  • EPSS 0.29%
  • Published 07.10.2020 16:15:18
  • Last modified 21.11.2024 05:20:23

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.

5.4

CVE-2020-2971

  • EPSS 0.19%
  • Published 15.07.2020 18:15:38
  • Last modified 21.11.2024 05:26:45

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access ...

5.4

CVE-2020-2972

  • EPSS 0.24%
  • Published 15.07.2020 18:15:38
  • Last modified 21.11.2024 05:26:45

Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access ...