CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

2426 matches found

NCSC•added 2022/01/21 12:0 a.m.•2 views

Vulnerabilities fixed in Drupal core

Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting XSS vulnerability. Drupal developers have released updates to f...

6.5CVSS6.9AI score0.22267EPSS

Exploits4

OpenVAS•added 2022/01/20 12:0 a.m.•22 views

Drupal 8.x, 9.x < 9.2.11, 9.3.x < 9.3.3 XSS Vulnerability (SA-CORE-2022-001) - Linux

Drupal is prone to a cross-site scripting XSS vulnerability in jQuery UI. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

6.5CVSS6.3AI score0.03097EPSS

Exploits1References1

OpenVAS•added 2022/01/20 12:0 a.m.•18 views

Drupal 7.x < 7.86 Multiple XSS Vulnerabilities (SA-CORE-2022-002) - Windows

Drupal is prone to multiple cross-site scripting XSS vulnerabilities in jQuery UI. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.1AI score

Exploits0References1

OpenVAS•added 2022/01/20 12:0 a.m.•26 views

Drupal 7.x < 7.86 Multiple XSS Vulnerabilities (SA-CORE-2022-002) - Linux

7.1AI score

Exploits0References1

OpenVAS•added 2022/01/20 12:0 a.m.•22 views

Drupal 8.x, 9.x < 9.2.11, 9.3.x < 9.3.3 XSS Vulnerability (SA-CORE-2022-001) - Windows

6.5CVSS6.3AI score0.03097EPSS

Exploits1References1

Debian•added 2022/01/19 8:0 p.m.•43 views

[SECURITY] [DLA-2889-1] drupal7 security update

Package : drupal7 Version : 7.52-2+deb9u17 CVE ID : CVE-2021-41182 CVE-2021-41183 CVE-2016-7103 CVE-2010-5312 The Drupal project includes a very old version of jQuery. Security vulnerabilities leading to cross-site scripting attacks in different components of the jQuery UI libraries were found an...

6.5CVSS6.4AI score0.22267EPSS

Exploits4

OSV•added 2022/01/19 5:20 p.m.•1 views

DRUPAL-CORE-2022-001

jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issu...

6.4AI score

Exploits0References1

OSV•added 2022/01/19 3:33 p.m.•2 views

DRUPAL-CONTRIB-2022-004

jQuery UI is a third-party library used by Drupal. The jQuery UI Datepicker module provides the jQuery UI Datepicker library, which is not included in Drupal 9 core. jQuery UI was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, an...

6.8AI score

Exploits0References1

Drupal•added 2022/01/19 12:0 a.m.•41 views

jQuery UI Datepicker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-004

6.5CVSS6.2AI score0.22267EPSS

Exploits2References7

Tenable Nessus•added 2022/01/19 12:0 a.m.•54 views

Drupal 7.x < 7.86 / 9.2.x < 9.2.11 / 9.3.x < 9.3.3 Multiple Vulnerabilities (drupal-2022-01-19)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.86, 9.2.x prior to 9.2.11, or 9.3.x prior to 9.3.3. It is, therefore, affected by multiple vulnerabilities. - Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dial...

6.5CVSS7.2AI score0.31104EPSS

Exploits6References13

Drupal•added 2022/01/19 12:0 a.m.•113 views

Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002

jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. In addition to the issue covered by SA-CORE-2022-001, further security...

6.5CVSS0.8AI score0.22267EPSS

Exploits4References10

Drupal•added 2022/01/19 12:0 a.m.•69 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001

6.5CVSS1AI score0.31104EPSS

Exploits2References14

OSV•added 2022/01/10 8:15 p.m.•1 views

AZL-44112 CVE-2022-0155 affecting package js-jquery 3.5.0-4

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor...

6.5CVSS7.4AI score0.01302EPSS

Exploits2References1

vulnersOsv•added 2022/01/06 10:48 p.m.•2 views

@esfaenza/core (>=15.2.16 <=19.2.114), @naxxfish/whereis (=0.0.1) +15 more potentially affected by CVE-2021-43862 via jquery.terminal (>=0.10.12 <=2.23.2)

jquery.terminal NPM version =0.10.12, =15.2.16, =0.0.1, =0.1.3, =2.0.0, =3.3.2, =0.0.3, =1.0.4, =0.1.0, =1.0.0, =1.0.2, =0.0.1, =0.0.10 and more Source cves: CVE-2021-43862 Source advisory: OSV:GHSA-X9R5-JXVQ-4387...

5.4CVSS6AI score0.00297EPSS

Exploits1

Tenable Nessus•added 2021/12/31 12:0 a.m.•229 views

JQuery UI < 1.13.0 Multiple XSS

The version of JQuery UI library hosted on the remote web server is prior to 1.13.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities: - Accepting the value of the 'altField' option of the Datepicker widget from untrusted sources may execute untrusted code. CVE-2021-411...

6.5CVSS6.6AI score0.31104EPSS

Exploits4References4

Tenable Nessus•added 2021/12/31 12:0 a.m.•23 views

jQuery UI Detection

The web server on the remote host uses jQuery UI. TRUSTED...

7.1AI score

Exploits0References1

OSV•added 2021/12/30 3:15 p.m.•17 views

CVE-2021-43862

jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting XSS vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code...

5.4CVSS5.6AI score

Exploits0References4