Latest Oracle Application Express Vulnerabilities

Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Team Calend...
Oracle Application Express>=18.2<=22.1
Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2...
Oracle Application Express>=18.2<=22.2
Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Plugi...
Oracle Application Express>=18.2<=22.2
CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could e...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a...
Ckeditor Ckeditor>=4.0<4.18.0
Drupal Drupal>=8.0.0<9.2.15
Drupal Drupal>=9.3.0<9.3.8
Oracle Application Express<22.1.1
Oracle Commerce Merchandising=11.3.2
Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0
and 14 more
### Affected packages The vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4. ### Impact A potential vulnerability has been discovered ...
Ckeditor Ckeditor<4.17.0
Drupal Drupal>=8.9.0<8.9.20
Drupal Drupal>=9.1.0<9.1.14
Drupal Drupal>=9.2.0<9.2.9
Oracle Agile Product Lifecycle Management=9.3.6
Oracle Application Express<22.1
and 19 more
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content Filter (ACF) module and may affect all plugins used by CKEditor 4. The...
Ckeditor Ckeditor>=4.0<4.17.0
Drupal Drupal>=8.9.0<8.9.20
Drupal Drupal>=9.1.0<9.1.14
Drupal Drupal>=9.2.0<9.2.9
Oracle Banking Apis>=18.1<=18.3
Oracle Banking Apis=19.1
and 19 more
### Impact Accepting the value of the `of` option of the [`.position()`](https://api.jqueryui.com/position/) util from untrusted sources may execute untrusted code. For example, invoking the following...
rubygems/jquery-ui-rails<7.0.0
nuget/jQuery.UI.Combined<1.13.0
maven/org.webjars.npm:jquery-ui<1.13.0
npm/jquery-ui<1.13.0
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
and 75 more
### Impact Accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: ```js...
rubygems/jquery-ui-rails<7.0.0
maven/org.webjars.npm:jquery-ui<1.13.0
nuget/jQuery.UI.Combined<1.13.0
npm/jquery-ui<1.13.0
IBM QRadar SIEM<=7.5.0 GA
IBM QRadar SIEM<=7.4.3 GA - 7.4.3 FP4
and 126 more
### Impact Accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: ```...
ubuntu/jqueryui<1.10.1+dfsg-1ubuntu0.14.04.1~
ubuntu/jqueryui<1.13.0
ubuntu/jqueryui<1.12.1+dfsg-5ubuntu0.18.04.1~
ubuntu/jqueryui<1.12.1+dfsg-5ubuntu0.20.04.1
ubuntu/jqueryui<1.10.1+dfsg-1ubuntu0.16.04.1~
rubygems/jquery-ui-rails<7.0.0
and 116 more
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) packag...
Ckeditor Ckeditor<4.16.2
Debian Debian Linux=9.0
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle Application Express<21.1.4
and 14 more
CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code into the editor, which, when viewed, would abuse the paste functionality and be executed in the v...
Ckeditor Ckeditor>=4.5.2<4.16.2
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle Application Express<21.1.4
Oracle Banking Party Management=2.7.0
and 9 more
CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used alongside the undo feature. A remote attacker could exploit ...
Ckeditor Ckeditor>=4.13.0<4.16.2
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle Application Express<21.1.4
Oracle Banking Party Management=2.7.0
and 14 more
Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 21.1.0.00.04. Easily exploitable vulnerability all...
Oracle Application Express<21.1.0.00.04
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS). When Prism is used to highlight untrusted (user-given) text, an att...
Prismjs Prism<1.24.0
Oracle Application Express<21.1.4
CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the Advanced Tab for Dialogs plugin. By persuading a victim to paste specially-crafted t...
Ckeditor Ckeditor>=4.0<4.16
Oracle Agile PLM=9.3.5
Oracle Agile PLM=9.3.6
Oracle Application Express<21.1.0
Oracle Financial Services Analytical Applications Infrastructure>=8.0.6<=8.0.9
Oracle Financial Services Analytical Applications Infrastructure=8.1.0
and 7 more
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML cod...
Ckeditor Ckeditor=4.15.0
Oracle Agile PLM=9.3.5
Oracle Agile PLM=9.3.6
Oracle Application Express<21.1.0.00.01
Oracle Banking Party Management=2.7.0
Oracle Banking Platform=2.4.0
and 19 more
Node.js codemirror module is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By using sub-pattern (s|/*.*?*/)*, a remote attacker could exploit this v...
debian/codemirror-js
Codemirror Codemirror<5.58.2
Oracle Application Express<20.2
Oracle Enterprise Manager Express User Interface=19c
Oracle Essbase=21.2
Oracle Hyperion Data Relationship Management<11.2.9.0
and 4 more
Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low ...
Oracle Application Express<20.2
Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low...
Oracle Application Express<20.2
Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low ...
Oracle Application Express<20.2
Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low pri...
Oracle Application Express<20.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged att...
Oracle Application Express<20.2
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, a...
Cure53 DOMPurify<2.0.17
Debian Debian Linux=9.0
Microsoft Visual Studio 2017=15.9
Microsoft Visual Studio 2019=16.0
Microsoft Visual Studio 2019=16.4
Microsoft Visual Studio 2019=16.7
and 2 more
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker ...
Oracle Application Express>=5.1<=19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker ...
Oracle Application Express>=5.1<=19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker ...
Oracle Application Express>=5.1<=19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker ...
Oracle Application Express>=5.1<=19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker ...
Oracle Application Express>=5.1<=19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker ...
Oracle Application Express>=5.1<=19.2
### Impact Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. `.html()`, `.append()`, and others) may e...
maven/org.webjars.npm:jquery>=1.0.3<3.5.0
nuget/jQuery>=1.0.3<3.5.0
rubygems/jquery-rails<4.4.0
npm/jquery>=1.0.3<3.5.0
debian/jquery
debian/node-jquery<=2.2.4+dfsg-4
and 105 more
Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Prior to 19.2. Easily exploitable vulnerability allows low privileged att...
Oracle Application Express<19.2
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with th...
Ckeditor Ckeditor>=4.0<4.14
Fedoraproject Fedora=30
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Drupal Drupal>=8.7.0<8.7.12
Drupal Drupal>=8.8.0<8.8.4
and 20 more
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This...
redhat/eap7-apache-cxf<0:3.2.11-1.redhat_00001.1.el6ea
redhat/eap7-glassfish-jsf<0:2.3.5-6.SP3_redhat_00004.1.el6ea
redhat/eap7-hal-console<0:3.0.19-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate<0:5.3.14-1.Final_redhat_00001.1.el6ea
redhat/eap7-hibernate-validator<0:6.0.18-1.Final_redhat_00001.1.el6ea
redhat/eap7-jackson-annotations<0:2.9.10-1.redhat_00003.1.el6ea
and 779 more
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the `extend` function could lead to modifying objects up the prototype chain, including the global Object. A crafted J...
maven/org.webjars.npm:jquery>=1.1.4<3.4.0
nuget/jQuery>=1.1.4<3.4.0
npm/jquery>=1.1.4<3.4.0
pip/django>=2.2a1<2.2.2
pip/django>=2.0a1<2.1.9
rubygems/jquery-rails<4.3.4
and 267 more

© 2024 SecAlerts Pty Ltd.