Latest oracle commerce merchandising Vulnerabilities

● CVE-2022-24729

CKEditor is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the dialog plugin. By sending a specially-crafted regex input, a remote attacker could e...

Ckeditor Ckeditor>=4.0<4.18.0

Drupal Drupal>=8.0.0<9.2.15

Drupal Drupal>=9.3.0<9.3.8

Oracle Application Express<22.1.1

Oracle Commerce Merchandising=11.3.2

Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0

and 14 more

● CVE-2022-24728

CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to inject malicious script into a...

Ckeditor Ckeditor>=4.0<4.18.0

Drupal Drupal>=8.0.0<9.2.15

Drupal Drupal>=9.3.0<9.3.8

Oracle Application Express<22.1.1

Oracle Commerce Merchandising=11.3.2

Oracle Financial Services Analytical Applications Infrastructure>=8.0.7.0.0<=8.1.0.0.0

and 14 more

● CVE-2021-37695

ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) packag...

Ckeditor Ckeditor<4.16.2

Debian Debian Linux=9.0

Fedoraproject Fedora=33

Fedoraproject Fedora=34

Fedoraproject Fedora=35

Oracle Application Express<21.1.4

and 14 more

● CVE-2021-32808

CKEditor is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the clipboard Widget plugin if used alongside the undo feature. A remote attacker could exploit ...

Ckeditor Ckeditor>=4.13.0<4.16.2

Fedoraproject Fedora=33

Fedoraproject Fedora=34

Fedoraproject Fedora=35

Oracle Application Express<21.1.4

Oracle Banking Party Management=2.7.0

and 14 more

● CVE-2021-32809

CKEditor is vulnerable to HTML injection. A remote authenticated attacker could inject malicious HTML code into the editor, which when viewed, would abuse the paste functionality and executed in the v...

Ckeditor Ckeditor>=4.5.2<4.16.2

Fedoraproject Fedora=33

Fedoraproject Fedora=34

Fedoraproject Fedora=35

Oracle Application Express<21.1.4

Oracle Banking Party Management=2.7.0

and 9 more

● CVE-2020-27193

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML cod...

Ckeditor Ckeditor=4.15.0

Oracle Agile PLM=9.3.5

Oracle Agile PLM=9.3.6

Oracle Application Express<21.1.0.00.01

Oracle Banking Party Management=2.7.0

Oracle Banking Platform=2.4.0

and 19 more

● CVE-2019-2713

Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allo...

Oracle Commerce Merchandising=11.2.0.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.