Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Oracle Subscribe
Filtered by product Healthcare Foundation

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11022 8 Debian, Drupal, Fedoraproject and 5 more 78 Debian Linux, Drupal, Fedora and 75 more 2022-07-25 4.3 MEDIUM 6.1 MEDIUM
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2019-10219 3 Netapp, Oracle, Redhat 194 Active Iq Unified Manager, Element, Management Services For Element Software And Netapp Hci and 191 more 2022-05-23 4.3 MEDIUM 6.1 MEDIUM
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
CVE-2021-28657 2 Apache, Oracle 5 Tika, Communications Messaging Server, Healthcare Foundation and 2 more 2022-05-10 4.3 MEDIUM 5.5 MEDIUM
A carefully crafted or corrupt file may trigger an infinite loop in Tika's MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later.
CVE-2019-11358 10 Backdropcms, Debian, Drupal and 7 more 102 Backdrop, Debian Linux, Drupal and 99 more 2022-02-07 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2015-9251 2 Jquery, Oracle 47 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 44 more 2021-01-08 4.3 MEDIUM 6.1 MEDIUM
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.