Oracle Commerce_merchandising
8 CVEs affecting Oracle Commerce_merchandising. Latest disclosed: 2022-03-16. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2021-32808 | High | 7.6 | 2021-08-12 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside… |
CVE-2021-37695 | High | 7.3 | 2021-08-13 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ck… |
CVE-2022-24729 | Medium | 6.5 | 2022-03-16 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vu… |
CVE-2021-26272 | Medium | 6.5 | 2021-01-26 | It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then pr… |
CVE-2019-2713 | Medium | 6.5 | 2019-04-23 | Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that is affected is 11.2.0… |
CVE-2020-27193 | Medium | 6.1 | 2020-11-12 | A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading… |
CVE-2022-24728 | Medium | 5.4 | 2022-03-16 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all… |
CVE-2021-32809 | Medium | 4.6 | 2021-08-12 | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckedi… |