MidnightBSD

Advisories for jquery

CVE-2007-2379 MEDIUM

The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
jquery jquery -
netapp snapcenter -
CVE-2010-5312 MEDIUM

Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
fedoraproject fedora 36
drupal drupal *
fedoraproject fedora 35
debian debian_linux 9.0
jquery jquery_ui *
debian debian_linux 7.0
apache drill 1.16.0
netapp snapcenter -
CVE-2011-4969 MEDIUM

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
jquery jquery 1.6.1
jquery jquery *
jquery jquery 1.6
CVE-2012-6708 MEDIUM

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
jquery jquery *
CVE-2014-6071 MEDIUM

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
jquery jquery 1.4.2
CVE-2015-9251 MEDIUM

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
oracle peoplesoft_enterprise_peopletools 8.55
oracle financial_services_reconciliation_framework 8.0.5
oracle retail_allocation 15.0.2
oracle financial_services_asset_liability_management *
oracle communications_webrtc_session_controller *
oracle insurance_insbridge_rating_and_underwriting 5.5
oracle business_process_management_suite 12.1.3.0.0
oracle communications_interactive_session_recorder 6.1
oracle siebel_ui_framework 18.10
oracle service_bus 12.2.1.3.0
oracle fusion_middleware_mapviewer 12.2.1.3.0
oracle financial_services_analytical_applications_infrastructure *
oracle real-time_scheduler 2.3.0
oracle retail_workforce_management_software 1.64.0
oracle primavera_gateway 16.2
jquery jquery *
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle agile_product_lifecycle_management_for_process 6.2.2.0
oracle financial_services_liquidity_risk_management *
oracle jdeveloper 11.1.1.9.0
oracle financial_services_profitability_management *
oracle enterprise_operations_monitor 4.0
oracle retail_workforce_management_software 1.60.9
oracle utilities_mobile_workforce_management 2.3.0
oracle communications_services_gatekeeper *
oracle jdeveloper 12.1.3.0.0
oracle enterprise_manager_ops_center 12.2.2
oracle peoplesoft_enterprise_peopletools 8.57
oracle utilities_framework *
oracle healthcare_translational_research 3.1.0
oracle primavera_unifier 16.2
oracle financial_services_hedge_management_and_ifrs_valuations *
oracle hospitality_guest_access 4.2.0
oracle banking_platform 2.6.2
oracle agile_product_lifecycle_management_for_process 6.2.0.0
oracle communications_interactive_session_recorder 6.2
oracle webcenter_sites 11.1.1.8.0
oracle retail_customer_insights 15.0
oracle primavera_unifier 16.1
oracle retail_invoice_matching 15.0
oracle business_process_management_suite 11.1.1.9.0
oracle banking_platform 2.6.0
oracle communications_interactive_session_recorder 6.0
oracle hospitality_reporting_and_analytics 9.1.0
oracle communications_converged_application_server *
oracle insurance_insbridge_rating_and_underwriting 5.2
oracle financial_services_market_risk_measurement_and_management 8.0.5
oracle weblogic_server 12.2.1.3
oracle agile_product_lifecycle_management_for_process 6.2.3.1
oracle endeca_information_discovery_studio 3.2.0
oracle primavera_unifier *
oracle endeca_information_discovery_studio 3.1.0
oracle enterprise_operations_monitor 3.4
oracle financial_services_reconciliation_framework 8.0.6
oracle financial_services_data_integration_hub *
oracle business_process_management_suite 12.2.1.3.0
oracle agile_product_lifecycle_management_for_process 6.2.1.0
oracle primavera_gateway 15.2
oracle insurance_insbridge_rating_and_underwriting 5.4
oracle peoplesoft_enterprise_peopletools 8.56
oracle siebel_ui_framework 18.11
oracle hospitality_guest_access 4.2.1
oracle hospitality_materials_control 18.1
oracle healthcare_foundation 7.2
oracle retail_sales_audit 15.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle service_bus 12.1.3.0.0
oracle healthcare_foundation 7.1
oracle financial_services_funds_transfer_pricing *
oracle retail_customer_insights 16.0
oracle financial_services_loan_loss_forecasting_and_provisioning *
oracle hospitality_cruise_fleet_management 9.0.11
oracle jdeveloper 12.2.1.3.0
oracle oss_support_tools 19.1
oracle weblogic_server 12.1.3.0
oracle agile_product_lifecycle_management_for_process 6.2.3.0
oracle primavera_gateway 17.12
oracle enterprise_manager_ops_center 12.3.3
oracle banking_platform 2.6.1
oracle primavera_unifier 18.8
CVE-2016-10707 MEDIUM

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-674,

Products Affected

Vendor Product Version
jquery jquery 3.0.0
CVE-2016-7103 MEDIUM

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
oracle siebel_ui_framework *
jqueryui jquery_ui 1.10.0
oracle oss_support_tools *
fedoraproject fedora 36
oracle business_intelligence 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
debian debian_linux 9.0
oracle weblogic_server 10.3.6.0.0
oracle weblogic_server 12.1.3.0.0
netapp snapcenter -
oracle business_intelligence 12.2.1.3.0
oracle hospitality_cruise_fleet_management 9.0.11
juniper junos 21.2
redhat openstack 8
fedoraproject fedora 35
redhat openstack 7.0
oracle oss_support_tools 2.12.42
oracle primavera_unifier *
oracle application_express *
jquery jquery_ui *
fedoraproject fedora 30
redhat openstack 9
CVE-2018-18405 MEDIUM

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
jquery jquery 2.2.2
CVE-2019-11358 MEDIUM

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-1321,

Products Affected

Vendor Product Version
oracle rest_data_services 11.2.0.4
oracle communications_diameter_signaling_router 8.2.1
oracle bi_publisher 5.5.0.0.0
oracle financial_services_enterprise_financial_performance_analytics 8.0.6
oracle communications_diameter_signaling_router 8.0.0
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle financial_services_regulatory_reporting_for_european_banking_authority 8.0.6
oracle tape_library_acsls 8.5
oracle financial_services_profitability_management *
oracle policy_automation_for_mobile_devices *
oracle storagetek_tape_analytics_sw_tool 2.3.0
oracle application_testing_suite 13.2
oracle retail_point-of-service 14.1
oracle financial_services_hedge_management_and_ifrs_valuations *
oracle financial_services_profitability_management 8.1.0
oracle banking_digital_experience 18.1
oracle healthcare_foundation 7.2.0
oracle communications_session_report_manager 8.1.1
oracle enterprise_manager_ops_center 12.4.0
juniper junos 21.2
backdropcms backdrop *
oracle financial_services_analytical_applications_reconciliation_framework 8.1.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle financial_services_enterprise_financial_performance_analytics 8.0.7
oracle financial_services_liquidity_risk_management 8.0.2
oracle hospitality_simphony 18.2
oracle policy_automation 12.1.0
oracle enterprise_session_border_controller 8.4
oracle financial_services_institutional_performance_analytics *
oracle financial_services_data_governance_for_us_regulatory_reporting *
oracle financial_services_data_integration_hub 8.1.0
oracle communications_analytics 12.1.1
oracle primavera_unifier 16.1
oracle weblogic_server 12.1.3.0.0
oracle insurance_accounting_analyzer 8.0.9
oracle financial_services_liquidity_risk_management 8.0.0.1.0
opensuse backports_sle 15.0
oracle financial_services_institutional_performance_analytics 8.1.0
oracle insurance_allocation_manager_for_enterprise_profitability 8.1.0
oracle retail_returns_management 14.1
oracle primavera_unifier *
oracle financial_services_basel_regulatory_capital_basic 8.1.0
oracle financial_services_data_integration_hub *
oracle business_process_management_suite 12.2.1.3.0
oracle financial_services_regulatory_reporting_for_us_federal_reserve *
oracle bi_publisher 12.2.1.3.0
oracle communications_diameter_signaling_router 8.1
oracle peoplesoft_enterprise_peopletools 8.56
oracle application_service_level_management 13.3.0.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle retail_customer_insights 16.0
oracle application_testing_suite 12.5.0.3
oracle financial_services_retail_performance_analytics 8.0.6
oracle communications_interactive_session_recorder *
oracle healthcare_foundation 7.3.0
oracle jdeveloper_and_adf 12.2.1.3.0
oracle agile_product_lifecycle_management_for_process 6.2.3.0
oracle enterprise_manager_ops_center 12.3.3
oracle siebel_mobile_applications *
oracle policy_automation 10.4.7
oracle primavera_gateway *
oracle financial_services_regulatory_reporting_for_european_banking_authority 8.0.7
oracle utilities_mobile_workforce_management *
oracle financial_services_balance_sheet_planning 8.0.8
oracle service_bus 12.2.1.3.0
oracle fusion_middleware_mapviewer 12.2.1.3.0
oracle identity_manager 12.2.1.3.0
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle financial_services_analytical_applications_infrastructure *
oracle rest_data_services 12.1.0.2
opensuse leap 15.1
oracle financial_services_liquidity_risk_management 8.0.4.0.0
oracle banking_platform *
oracle primavera_gateway 15.2.18
oracle rest_data_services 19c
oracle banking_digital_experience 19.2
oracle weblogic_server 14.1.1.0.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle communications_eagle_application_processor *
oracle insurance_allocation_manager_for_enterprise_profitability 8.0.8
oracle communications_session_route_manager 8.2.1
oracle agile_product_lifecycle_management_for_process 6.2.0.0
oracle financial_services_retail_performance_analytics 8.0.7
oracle retail_central_office 14.0
oracle jdeveloper 12.2.1.4.0
oracle transportation_management 1.4.3
oracle communications_diameter_signaling_router 8.2
oracle siebel_ui_framework 20.8
oracle weblogic_server 10.3.6.0.0
oracle communications_session_route_manager 8.2.0
oracle rest_data_services 18c
oracle policy_automation *
oracle insurance_performance_insight 8.0.7
oracle financial_services_analytical_applications_reconciliation_framework *
redhat virtualization_manager 4.3
oracle banking_digital_experience 18.2
oracle diagnostic_assistant 2.12.36
joomla joomla! *
oracle agile_product_lifecycle_management_for_process 6.2.1.0
oracle communications_element_manager 8.2.0
oracle big_data_discovery 1.6
oracle weblogic_server 12.2.1.3.0
oracle communications_unified_inventory_management 7.3
oracle healthcare_translational_research 3.3.2
oracle healthcare_translational_research 3.4.0
oracle financial_services_loan_loss_forecasting_and_provisioning *
oracle peoplesoft_enterprise_peopletools 8.58
debian debian_linux 8.0
oracle communications_operations_monitor 4.1.0
oracle banking_enterprise_collections *
oracle enterprise_manager_ops_center 12.4.0.0
oracle financial_services_loan_loss_forecasting_and_provisioning 8.1.0
oracle policy_automation_connector_for_siebel 10.4.6
drupal drupal *
oracle retail_customer_management_and_segmentation_foundation 18.0
fedoraproject fedora 29
oracle communications_operations_monitor 3.4
oracle retail_back_office 14.1
jquery jquery *
oracle financial_services_liquidity_risk_management 8.0.5.0.0
oracle communications_billing_and_revenue_management 12.0
oracle agile_product_lifecycle_management_for_process 6.2.2.0
oracle webcenter_sites 12.2.1.3.0
debian debian_linux 10.0
oracle jdeveloper 11.1.1.9.0
oracle communications_services_gatekeeper 7.0
oracle service_bus 11.1.1.9.0
oracle financial_services_liquidity_risk_measurement_and_management 8.0.7
oracle financial_services_price_creation_and_discovery *
oracle healthcare_translational_research 3.1.0
oracle communications_element_manager 8.2.1
oracle communications_operations_monitor 4.0
oracle hospitality_guest_access 4.2.0
oracle communications_session_route_manager 8.1.1
oracle jdeveloper_and_adf 11.1.1.9.0
oracle banking_digital_experience 18.3
oracle banking_digital_experience 20.1
oracle banking_digital_experience 19.1
oracle application_testing_suite 13.3.0.1
oracle communications_operations_monitor *
oracle tape_library_acsls 8.5.1
oracle communications_application_session_controller 3.8m0
oracle knowledge *
oracle rest_data_services 12.2.0.1
oracle communications_session_report_manager 8.2.1
oracle financial_services_retail_customer_analytics *
oracle insurance_insbridge_rating_and_underwriting *
oracle hospitality_guest_access 4.2.1
oracle hospitality_materials_control 18.1
fedoraproject fedora 28
oracle financial_services_funds_transfer_pricing 8.1.0
oracle communications_billing_and_revenue_management 7.5
oracle bi_publisher 12.2.1.4.0
oracle application_testing_suite 13.3
oracle service_bus 12.1.3.0.0
oracle financial_services_funds_transfer_pricing *
oracle business_process_management_suite 12.2.1.4.0
oracle jdeveloper 12.2.1.3.0
oracle application_express *
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach 8.1.0
oracle policy_automation 12.1.1
oracle primavera_unifier 18.8
oracle healthcare_translational_research 3.3.1
oracle peoplesoft_enterprise_peopletools 8.55
oracle weblogic_server 12.2.1.4.0
oracle communications_session_report_manager 8.2.0
oracle financial_services_basel_regulatory_capital_basic *
oracle financial_services_asset_liability_management *
oracle insurance_ifrs_17_analyzer 8.0.6
oracle retail_returns_management 14.0
oracle system_utilities 19.1
netapp snapcenter -
oracle healthcare_foundation 7.1.1
redhat cloudforms 4.7
oracle financial_services_market_risk_measurement_and_management 8.0.8
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle healthcare_foundation 7.2.2
oracle application_service_level_management 13.2.0.0
oracle communications_element_manager 8.1.1
oracle jdeveloper_and_adf 12.1.3.0.0
oracle hospitality_simphony 18.1
oracle insurance_ifrs_17_analyzer 8.0.7
oracle financial_services_asset_liability_management 8.1.0
oracle primavera_unifier 16.2
oracle communications_unified_inventory_management 7.4.0
fedoraproject fedora 30
oracle retail_central_office 14.1
oracle financial_services_hedge_management_and_ifrs_valuations 8.1.0
oracle retail_customer_insights 15.0
oracle hospitality_simphony *
oracle retail_point-of-service 14.0
oracle real-time_scheduler *
oracle healthcare_translational_research 3.2.1
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle financial_services_market_risk_measurement_and_management 8.0.5
oracle financial_services_liquidity_risk_management 8.0.6
oracle financial_services_data_foundation *
oracle retail_back_office 14.0
debian debian_linux 9.0
oracle application_testing_suite 13.1.0.1
oracle financial_services_revenue_management_and_billing 2.4.0.1
oracle communications_webrtc_session_controller 7.2
oracle application_testing_suite 13.2.0.1
oracle financial_services_liquidity_risk_measurement_and_management 8.1.0
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach *
oracle insurance_data_foundation *
netapp oncommand_system_manager *
oracle financial_services_liquidity_risk_measurement_and_management 8.0.8
oracle financial_services_regulatory_reporting_for_de_nederlandsche_bank 8.0.4
oracle financial_services_revenue_management_and_billing 2.4.0.0
oracle agile_product_lifecycle_management_for_process 6.1
CVE-2020-11022 MEDIUM

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
security-advisories@github.com 6.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N 1.6 4.7
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
oracle financial_services_loan_loss_forecasting_and_provisioning 8.1.0
oracle policy_automation_connector_for_siebel 10.4.6
drupal drupal *
netapp h700s_firmware -
oracle financial_services_regulatory_reporting_for_european_banking_authority *
oracle financial_services_asset_liability_management 8.0.7
oracle retail_back_office 14.1
oracle retail_customer_management_and_segmentation_foundation 19.0
jquery jquery *
netapp h500s_firmware -
oracle jdeveloper 11.1.1.9.0
oracle communications_services_gatekeeper 7.0
oracle policy_automation_for_mobile_devices *
oracle financial_services_liquidity_risk_measurement_and_management 8.0.7
oracle communications_diameter_signaling_router_idih: *
oracle financial_services_hedge_management_and_ifrs_valuations *
oracle financial_services_profitability_management 8.1.0
oracle banking_digital_experience 18.1
oracle healthcare_foundation 7.2.0
netapp h500e_firmware -
oracle financial_services_analytical_applications_reconciliation_framework 8.1.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle hospitality_simphony 18.2
oracle enterprise_session_border_controller 8.4
oracle banking_digital_experience 18.3
netapp h700e_firmware -
oracle banking_digital_experience 20.1
oracle banking_digital_experience 19.1
oracle application_testing_suite 13.3.0.1
oracle financial_services_data_governance_for_us_regulatory_reporting *
oracle financial_services_data_integration_hub 8.1.0
netapp h300e_firmware -
oracle weblogic_server 12.1.3.0.0
oracle communications_application_session_controller 3.8m0
oracle insurance_accounting_analyzer 8.0.9
oracle financial_services_institutional_performance_analytics 8.1.0
oracle insurance_allocation_manager_for_enterprise_profitability 8.1.0
oracle retail_returns_management 14.1
opensuse leap 15.2
oracle financial_services_basel_regulatory_capital_basic 8.1.0
oracle financial_services_regulatory_reporting_for_us_federal_reserve *
oracle financial_services_profitability_management 8.0.7
oracle peoplesoft_enterprise_peopletools 8.56
oracle insurance_insbridge_rating_and_underwriting *
netapp h300s_firmware -
oracle hospitality_materials_control 18.1
oracle financial_services_funds_transfer_pricing 8.1.0
tenable log_correlation_engine *
oracle jdeveloper 12.2.1.3.0
oracle banking_digital_experience *
oracle healthcare_foundation 7.3.0
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach 8.1.0
oracle blockchain_platform *
oracle weblogic_server 12.2.1.4.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_basel_regulatory_capital_basic *
fedoraproject fedora 32
oracle financial_services_price_creation_and_discovery 8.0.7
netapp h410c_firmware -
oracle retail_returns_management 14.0
netapp snapcenter -
netapp oncommand_insight -
oracle financial_services_balance_sheet_planning 8.0.8
oracle healthcare_foundation 7.1.1
oracle financial_services_market_risk_measurement_and_management 8.0.8
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle financial_services_funds_transfer_pricing 8.0.7
opensuse leap 15.1
oracle financial_services_institutional_performance_analytics 8.0.6
oracle hospitality_simphony 18.1
oracle banking_digital_experience 19.2
oracle weblogic_server 14.1.1.0.0
oracle peoplesoft_enterprise_peopletools 8.57
oracle financial_services_asset_liability_management 8.1.0
oracle communications_eagle_application_processor *
oracle insurance_allocation_manager_for_enterprise_profitability 8.0.8
oracle agile_product_lifecycle_management_for_process 6.2.0.0
oracle financial_services_institutional_performance_analytics 8.0.7
oracle agile_product_supplier_collaboration_for_process 6.2.0.0
oracle jdeveloper 12.2.1.4.0
oracle financial_services_hedge_management_and_ifrs_valuations 8.1.0
oracle hospitality_simphony 19.1.0-19.1.2
oracle siebel_ui_framework 20.8
oracle hospitality_simphony *
oracle weblogic_server 10.3.6.0.0
fedoraproject fedora 31
oracle financial_services_profitability_management 8.0.6
netapp h410s_firmware -
oracle insurance_data_foundation 8.0.6-8.1.0
oracle policy_automation *
oracle communications_billing_and_revenue_management 7.5.0.23.0
fedoraproject fedora 33
oracle financial_services_funds_transfer_pricing 8.0.6
oracle financial_services_liquidity_risk_management 8.0.6
oracle financial_services_analytical_applications_reconciliation_framework *
oracle banking_digital_experience 18.2
oracle financial_services_data_foundation *
netapp max_data -
oracle retail_back_office 14.0
oracle weblogic_server 12.2.1.3.0
debian debian_linux 9.0
netapp snap_creator_framework -
oracle financial_services_data_integration_hub 8.0.7
oracle communications_webrtc_session_controller 7.2
oracle financial_services_loan_loss_forecasting_and_provisioning *
oracle financial_services_liquidity_risk_measurement_and_management 8.1.0
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach *
oracle insurance_data_foundation *
netapp oncommand_system_manager *
oracle storagetek_acsls 8.5.1
oracle peoplesoft_enterprise_peopletools 8.58
oracle financial_services_data_integration_hub 8.0.6
oracle financial_services_asset_liability_management 8.0.6
oracle financial_services_liquidity_risk_measurement_and_management 8.0.8
oracle healthcare_foundation 7.2.1
oracle enterprise_manager_ops_center 12.4.0.0
CVE-2020-11023 MEDIUM

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
oracle healthcare_translational_research 3.3.1
oracle rest_data_services 11.2.0.4
oracle blockchain_platform *
netapp cloud_insights_storage_workload_security_agent -
oracle weblogic_server 12.2.1.4.0
oracle communications_session_report_manager 8.2.0
oracle health_sciences_inform 6.3.0
drupal drupal *
oracle primavera_gateway *
fedoraproject fedora 32
netapp h700s_firmware -
oracle communications_operations_monitor 3.4
netapp h410c_firmware -
oracle jd_edwards_enterpriseone_tools *
netapp snapcenter_server -
netapp oncommand_insight -
oracle hyperion_financial_reporting 11.1.2.4
oracle siebel_mobile *
jquery jquery *
oracle rest_data_services 12.1.0.2
netapp h500s_firmware -
oracle webcenter_sites 12.2.1.3.0
oracle oss_support_tools *
oracle business_intelligence 5.9.0.0.0
oracle communications_services_gatekeeper 7.0
oracle communications_element_manager 8.1.1
oracle banking_platform *
oracle storagetek_tape_analytics_sw_tool 2.3.1
oracle rest_data_services 19c
oracle weblogic_server 14.1.1.0.0
oracle communications_element_manager 8.2.1
oracle communications_eagle_application_processor *
oracle communications_session_report_manager 8.1.1
netapp h500e_firmware -
oracle communications_session_route_manager 8.1.1
oracle financial_services_revenue_management_and_billing_analytics 2.8
oracle communications_session_route_manager 8.2.1
netapp h700e_firmware -
oracle blockchain_platform 21.1.2
netapp hci_baseboard_management_controller -
oracle application_testing_suite 13.3.0.1
oracle communications_operations_monitor *
oracle communications_analytics 12.1.1
netapp h300e_firmware -
fedoraproject fedora 31
oracle weblogic_server 12.1.3.0.0
netapp h410s_firmware -
oracle communications_session_route_manager 8.2.0
oracle healthcare_translational_research 3.2.1
oracle rest_data_services 18c
netapp active_iq_unified_manager -
fedoraproject fedora 33
oracle rest_data_services 12.2.0.1
oracle communications_session_report_manager 8.2.1
netapp max_data -
oracle jd_edwards_enterpriseone_orchestrator *
oracle communications_element_manager 8.2.0
oracle peoplesoft_enterprise_human_capital_management_resources 9.2
oracle weblogic_server 12.2.1.3.0
debian debian_linux 9.0
netapp h300s_firmware -
netapp snap_creator_framework -
netapp cloud_backup -
oracle healthcare_translational_research 3.3.2
oracle healthcare_translational_research 3.4.0
tenable log_correlation_engine *
oracle communications_interactive_session_recorder *
netapp oncommand_system_manager *
oracle financial_services_revenue_management_and_billing_analytics 2.7
oracle webcenter_sites 12.2.1.4.0
oracle application_express *
oracle storagetek_acsls 8.5.1
oracle financial_services_regulatory_reporting_for_de_nederlandsche_bank 8.0.4
oracle banking_enterprise_collections *
CVE-2020-7656 MEDIUM

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
netapp active_iq_unified_manager -
juniper junos 21.2
netapp oncommand_system_manager *
oracle peoplesoft_enterprise_peopletools 8.58
netapp snap_creator_framework -
jquery jquery *
netapp cloud_backup -