Lucene search

XSS in jQuery as used in Drupal, Backdrop CMS, and other products

🗓️ 26 Apr 2019 16:11:29Reported by GitHub Advisory DatabaseType

github🔗 github.com👁 1134 Views

XSS vulnerability in jQuery affects Drupal, Backdrop CMS and other product

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 199
Fedora	[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30	9 May 201901:34	–	fedora
Fedora	[SECURITY] Fedora 30 Update: drupal7-7.69-1.fc30	4 Jan 202022:16	–	fedora
Fedora	[SECURITY] Fedora 30 Update: drupal7-7.67-1.fc30	25 May 201901:06	–	fedora
Fedora	[SECURITY] Fedora 29 Update: drupal7-7.66-1.fc29	9 May 201903:18	–	fedora
Fedora	[SECURITY] Fedora 29 Update: drupal7-7.67-1.fc29	25 May 201903:36	–	fedora
Fedora	[SECURITY] Fedora 28 Update: drupal7-7.66-1.fc28	9 May 201901:42	–	fedora
Fedora	[SECURITY] Fedora 28 Update: drupal7-7.67-1.fc28	25 May 201901:11	–	fedora
Fedora	[SECURITY] Fedora 30 Update: drupal8-8.6.15-1.fc30	8 May 201901:13	–	fedora
Fedora	[SECURITY] Fedora 29 Update: drupal8-8.6.15-1.fc29	8 May 201903:06	–	fedora
Check Point Advisories	jQuery Prototype Pollution Object Cross-Site Scripting (CVE-2019-11358)	29 Apr 201900:00	–	checkpoint_advisories

Vulners

Node

maximebf debugbarRange<1.19.0

org.webjars.npm jqueryRange1.1.4–3.4.0

jquery jqueryRange1.1.4–3.4.0

django_project djangoRange2.2a1–2.2.2

django_project djangoRange2.0a1–2.1.9

rubyonrails jquery-railsRange<4.3.4

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2019-11358
backdropcms	www.backdropcms.org/security/backdrop-sa-core-2019-009
github	www.github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
github	www.github.com/jquery/jquery/pull/4333
snyk	www.snyk.io/vuln/SNYK-JS-JQUERY-174006
drupal	www.drupal.org/sa-core-2019-006
access	www.access.redhat.com/errata/RHSA-2019:3023
access	www.access.redhat.com/errata/RHSA-2019:3024
lists	www.lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc@%3Ccommits.airflow.apache.org%3E
lists	www.lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Apr 2019 16:29Current

6.6Medium risk

Vulners AI Score6.6

CVSS24.3

CVSS36.1

EPSS0.02078

SSVC