There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
knockoutjs knockout |
||
redhat decision manager 7.0 |
||
redhat process automation 7.0 |
||
oracle business intelligence 12.2.1.3.0 |
||
oracle business intelligence 12.2.1.4.0 |
||
oracle business intelligence 5.5.0.0.0 |
||
oracle goldengate 12.3.0.1.2 |