Oracle Application Express

47 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2025-50067
all versions
Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are
9.0 CRITICAL
CVE-2025-21557
all versions
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily
5.4 MEDIUM
CVE-2024-21261
all versions
Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Diffic
4.9 MEDIUM
CVE-2023-21983
>= 18.2 and <= 22.2
Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versio
5.6 MEDIUM
CVE-2023-21975
>= 18.2 and <= 22.2
Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Suppor
9.0 CRITICAL
CVE-2023-21974
>= 18.2 and <= 22.1
Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Su
9.0 CRITICAL
CVE-2022-24729
< 22.1.1
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability i
6.5 MEDIUM
CVE-2022-24728
< 22.1.1
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML process
5.4 MEDIUM
CVE-2021-41165
< 22.1
CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processi
8.2 HIGH
CVE-2021-41164
< 22.1
CKEditor4 is an open source WYSIWYG HTML editor. In affected versions a vulnerability has been discovered in the Advanced Content
8.2 HIGH
CVE-2021-41184
< 22.1.1
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the `.
6.5 MEDIUM
CVE-2021-41183
< 22.1.1
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various *Text options o
6.5 MEDIUM
CVE-2021-41182
< 22.1.1
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of
6.5 MEDIUM
CVE-2021-37695
< 21.1.4
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito
7.3 HIGH
CVE-2021-32809
< 21.1.4
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito
4.6 MEDIUM
CVE-2021-32808
< 21.1.4
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Wid
7.6 HIGH
CVE-2021-2460
< 21.1.0.00.04
Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is a
5.4 MEDIUM
CVE-2021-32723
< 21.1.4
Prism is a syntax highlighting library. Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS
7.4 HIGH
CVE-2021-26272
< 21.1.0
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text
6.5 MEDIUM
CVE-2021-26271
< 21.1.0
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the
6.5 MEDIUM
CVE-2020-27193
< 21.1.0.00.01
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary
6.1 MEDIUM
CVE-2020-7760
< 20.2
This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerabl
5.3 MEDIUM
CVE-2020-14900
< 20.2
Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. The supported version that is
5.4 MEDIUM
CVE-2020-14899
< 20.2
Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. The supported version that is a
5.4 MEDIUM
CVE-2020-14898
< 20.2
Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. The supported version that is a
5.4 MEDIUM
CVE-2020-14763
< 20.2
Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. The supported version that is affe
5.4 MEDIUM
CVE-2020-14762
< 20.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Pri
5.4 MEDIUM
CVE-2020-26870
< 21.1.0.00.01
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return th
6.1 MEDIUM
CVE-2020-2977
>= 5.1 and <= 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-
4.6 MEDIUM
CVE-2020-2976
>= 5.1 and <= 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-
5.4 MEDIUM
CVE-2020-2975
>= 5.1 and <= 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-
5.4 MEDIUM
CVE-2020-2974
>= 5.1 and <= 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-
5.4 MEDIUM
CVE-2020-2973
>= 5.1 and <= 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-
5.4 MEDIUM
CVE-2020-2972
>= 5.1 and <= 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-
5.4 MEDIUM
CVE-2020-2971
>= 5.1 and <= 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-
5.4 MEDIUM
CVE-2020-2513
>= 5.1 and <= 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-
5.4 MEDIUM
CVE-2020-11023
< 20.2
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sourc
6.9 MEDIUM
CVE-2020-2514
< 19.2
Vulnerability in the Oracle Application Express component of Oracle Database Server. The supported version that is affected is Pri
4.6 MEDIUM
CVE-2020-9281
< 20.2
A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inje
6.1 MEDIUM
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1 MEDIUM
CVE-2019-11358
< 19.1
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1 MEDIUM
CVE-2018-2699
<= 5.1.4.00.08
Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5
6.1 MEDIUM
CVE-2016-7103
< 19.1
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or
6.1 MEDIUM
CVE-2016-3467
<= 5.0.3
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to a
5.8 MEDIUM
CVE-2016-3448
<= 5.0.3
Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to a
6.1 MEDIUM
CVE-2008-1822
all versions
Unspecified vulnerability in the Oracle Application Express component in Oracle Application Express 3.0.1 has unknown impact and r
CVE-2008-1811
all versions
Unspecified vulnerability in Oracle Application Express 3.0.1 has unspecified impact and remote authenticated attack vectors relat
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin