CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

oracle

banking_enterprise_default_managment

4 known vulnerabilities · sorted by CVSS score

CVE-2020-9281

MEDIUM6.1

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with the cke_protected syntax).

ckeditor / ckeditor+23

Network

Published Mar 7, 2020

CVE-2019-10219

MEDIUM6.1

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

oracle / insurance_data_gateway+421

Network

Published Nov 8, 2019

CVE-2021-35043

MEDIUM6.1

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with &#00058 as the replacement for the : character.

antisamy_project / antisamy+27

Network

Published Jul 19, 2021

CVE-2021-29425

MEDIUM4.8

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value.

apache / commons_io+135

Network

Published Apr 13, 2021