Oracle Commerce Merchandising vulnerabilities

CVE-2022-24729 [MEDIUM] CWE-400 CVE-2022-24729: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.1 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.

CVE-2022-24728 [MEDIUM] CWE-79 CVE-2022-24728: CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been disco CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. T

CVE-2021-37695 [HIGH] CWE-79 CVE-2021-37695: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed to inject malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEdito

CVE-2021-32808 [HIGH] CWE-79 CVE-2021-32808: ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been d ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor

CVE-2021-32809 [MEDIUM] CWE-94 CVE-2021-32809: ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed to abuse paste functionality using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all

CVE-2021-26272 [MEDIUM] CWE-829 CVE-2021-26272: It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugin).

CVE-2020-27193 [MEDIUM] CWE-79 CVE-2020-27193: A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows rem A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs.

CVE-2019-2713 [MEDIUM] CVE-2019-2713: Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Vulnerability in the Oracle Commerce Merchandising component of Oracle Commerce (subcomponent: Asset Manager). The supported version that is affected is 11.2.0.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Merchandising. Successful attacks of this vulnerability can result in unau