Oracle Communications WebRTC Session Controller 7.2 ME cross site scripting


A vulnerability was found in Oracle Communications WebRTC Session Controller 7.2 (Cloud Software) and classified as critical. Affected by this issue is an unknown function of the component ME. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

| Field | 11/21/2020 07:35 AM | 11/22/2020 06:56 PM | 11/22/2020 07:01 PM |
|---|---|---|---|
| vendor | Oracle | Oracle | Oracle |
| name | Communications WebRTC Session Controller | Communications WebRTC Session Controller | Communications WebRTC Session Controller |
| cve | CVE-2020-11022 | CVE-2020-11022 | CVE-2020-11022 |
| component | ME | ME | ME |
| risk | 2 | 2 | 2 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | N | N | N |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_s | C | C | C |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| version | 7.2 | 7.2 | 7.2 |
| url | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html | https://www.oracle.com/security-alerts/cpuoct2020.html |
| date | 1603144800 | 1603144800 | 1603144800 |
| identifier | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 | Oracle Critical Patch Update Advisory - October 2020 |
| name | Upgrade | Upgrade | Upgrade |
| date | 1603144800 | 1603144800 | 1603144800 |
| type | Cloud Software | Cloud Software | Cloud Software |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_au | N | N | N |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | ND | ND | ND |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 6.4 | 6.4 | 6.4 |
| cvss2_vuldb_tempscore | 5.6 | 5.6 | 5.6 |
| cvss3_vuldb_basescore | 6.1 | 6.1 | 6.1 |
| cvss3_vuldb_tempscore | 5.8 | 5.8 | 5.8 |
| cvss3_meta_basescore | 6.1 | 6.1 | 6.1 |
| cvss3_meta_tempscore | 5.8 | 5.8 | 5.8 |
| price_0day | $5k-$25k | $5k-$25k | $5k-$25k |
| cvss2_nvd_basescore | 4.3 | 4.3 | 4.3 |
| cvss3_nvd_basescore | 6.1 | 6.1 | 6.1 |
| cve_assigned | | 1585519200 | 1585519200 |
| cve_nvd_summary | | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
| confirm_url | | https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 | https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 |
| cwe | | | 79 |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | N |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | C |
| cvss3_nvd_c | | | L |
| cvss3_nvd_i | | | L |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | N |
| cvss2_nvd_ci | | | N |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | N |
| cve_cna | | | GitHub, Inc. |
