Oracle Commerce Merchandising — known CVE vulnerabilities
Every CVE whose affected-product data names Oracle Commerce Merchandising, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2021-32808 — CVSS 7.6 (high): ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget…
CVE-2021-37695 — CVSS 7.3 (high): ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake…
CVE-2019-2713 — CVSS 6.5 (medium): Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that…
CVE-2021-26272 — CVSS 6.5 (medium): It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the…
CVE-2022-24729 — CVSS 6.5 (medium): CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the…
CVE-2020-27193 — CVSS 6.1 (medium): A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web…
CVE-2022-24728 — CVSS 5.4 (medium): CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing…
CVE-2021-32809 — CVSS 4.6 (medium): ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4…