Skip to main content

Scripting

8 CVEs technique

Monthly

CVE-2026-21943 MEDIUM This Month

Reflected cross-site scripting in Oracle E-Business Suite Scripting Admin (versions 12.2.3-12.2.15) allows unauthenticated attackers to modify or read sensitive data via malicious HTTP requests that require user interaction. The vulnerability can impact other Oracle products due to scope changes and currently lacks an available patch. CVSS 6.1 (Medium) reflects low-complexity network-based exploitation with confidentiality and integrity impacts.

Oracle Scripting
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2023-3670 HIGH This Week

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System Scripting
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2021-2091 HIGH This Week

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Scripting
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2021-2029 CRITICAL Act Now

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Scripting
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2020-2879 HIGH This Week

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Scripting
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2020-2817 HIGH This Week

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Scripting
NVD
CVSS 3.1
8.2
EPSS
1.3%
CVE-2018-2997 HIGH PATCH This Week

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Script Author). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Scripting
NVD
CVSS 3.0
8.2
EPSS
2.0%
CVE-2017-3549 CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

SQLi Authentication Bypass Oracle Scripting
NVD Exploit-DB
CVSS 3.0
9.1
EPSS
31.0%
Threat
4.3
EPSS 0% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting in Oracle E-Business Suite Scripting Admin (versions 12.2.3-12.2.15) allows unauthenticated attackers to modify or read sensitive data via malicious HTTP requests that require user interaction. The vulnerability can impact other Oracle products due to scope changes and currently lacks an available patch. CVSS 6.1 (Medium) reflects low-complexity network-based exploitation with confidentiality and integrity impacts.

Oracle Scripting
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Development System Scripting
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Scripting
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Scripting
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Scripting
NVD
EPSS 1% CVSS 8.2
HIGH This Week

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Scripting
NVD
EPSS 2% CVSS 8.2
HIGH PATCH This Week

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Script Author). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Scripting
NVD
EPSS 31% 4.3 CVSS 9.1
CRITICAL POC PATCH THREAT Act Now

Vulnerability in the Oracle Scripting component of Oracle E-Business Suite (subcomponent: Scripting Administration). Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.0%.

SQLi Authentication Bypass Oracle +1
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy