Oracle Application Express User Account cross site scripting

A vulnerability classified as critical was found in Oracle Application Express (affected version unknown). Affected by this vulnerability is an unknown part of the component User Account. Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published immediately after the disclosure of the vulnerability.

Field07/20/2022 08:15 AM08/06/2022 03:01 PM08/06/2022 03:02 PM
vendorOracleOracleOracle
nameApplication ExpressApplication ExpressApplication Express
cveCVE-2021-41184CVE-2021-41184CVE-2021-41184
componentUser AccountUser AccountUser Account
risk222
cvss3_vuldb_avNNN
cvss3_vuldb_acLLL
cvss3_vuldb_prLLL
cvss3_vuldb_uiRRR
cvss3_vuldb_sCCC
cvss3_vuldb_cLLL
cvss3_vuldb_iLLL
cvss3_vuldb_aNNN
cvss3_vuldb_rcCCC
cvss3_vuldb_rlOOO
urlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.html
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
identifierOracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022Oracle Critical Patch Update Advisory - July 2022
date1658181600 (07/19/2022)1658181600 (07/19/2022)1658181600 (07/19/2022)
nameUpgradeUpgradeUpgrade
cvss2_vuldb_avNNN
cvss2_vuldb_acLLL
cvss2_vuldb_ciPPP
cvss2_vuldb_iiPPP
cvss2_vuldb_aiNNN
cvss2_vuldb_rcCCC
cvss2_vuldb_rlOFOFOF
cvss2_vuldb_auSSS
cvss2_vuldb_eNDNDND
cvss3_vuldb_eXXX
cvss2_vuldb_basescore5.55.55.5
cvss2_vuldb_tempscore4.84.84.8
cvss3_vuldb_basescore5.45.45.4
cvss3_vuldb_tempscore5.25.25.2
cvss3_meta_basescore5.45.46.0
cvss3_meta_tempscore5.25.25.9
price_0day$5k-$25k$5k-$25k$5k-$25k
patch_urlhttps://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280https://github.com/jquery/jquery-ui/commit/effa323f1505f2ce7a324e4f429fa9032c72f280
cve_assigned1631656800 (09/15/2021)1631656800 (09/15/2021)
cve_nvd_summaryjQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.
cwe0079 (cross site scripting)
cvss3_nvd_avN
cvss3_nvd_acL
cvss3_nvd_prN
cvss3_nvd_uiR
cvss3_nvd_sC
cvss3_nvd_cL
cvss3_nvd_iL
cvss3_nvd_aN
cvss2_nvd_avN
cvss2_nvd_acM
cvss2_nvd_auN
cvss2_nvd_ciN
cvss2_nvd_iiP
cvss2_nvd_aiN
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiR
cvss3_cna_sU
cvss3_cna_cN
cvss3_cna_iH
cvss3_cna_aN
cve_cnaGitHub, Inc.
cvss2_nvd_basescore4.3
cvss3_nvd_basescore6.1
cvss3_cna_basescore6.5

Interested in the pricing of exploits?

See the underground prices here!