CentOS 8 : pcs (CESA-2021:4142)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4142 advisory. - jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 - jquery: Cross-site scripting XSS via HTML tags...

RHEL 8 : pcs (RHSA-2021:4142)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4142 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces

A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability ...

Low: Red Hat Security Advisory: pcs security, bug fix, and enhancement update

An update for pcs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE lin...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

pcs security, bug fix, and enhancement update

An update is available for pcs. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The pcs packages provide a command-line configuration system for the Pacemaker an...

Low: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a later upstream version: pcs 0.10.10. BZ1935594 Security Fixes: jquery: Cross-site scripting XSS via HTML tags containing whitespaces CVE-2020-7656...

RLSA-2021:4142 Low: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a later upstream version: pcs 0.10.10. BZ1935594 Security Fixes: jquery: Cross-site scripting XSS via HTML tags containing whitespaces CVE-2020-7656...

ALSA-2021:4142 Low: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a later upstream version: pcs 0.10.10. BZ1935594 Security Fixes: jquery: Cross-site scripting XSS via HTML tags containing whitespaces CVE-2020-7656...

jQuery UI < 1.13.0 Multiple Vulnerabilities

According to its self-reported version number, jQuery UI is prior to 1.13.0. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS in the altField option of the Datepicker widget CVE-2021-41182 - A Cross-Site Scripting XSS in Text options of the Datepicker widget...

pekeUpload cross-site scripting vulnerability

PekeUpload is a Jquery Html5 file upload plugin from the personal developer Pedro Molina in Colombia. pekeUpload suffers from a cross-site scripting vulnerability that exists due to insufficient cleanup of user-supplied data. A remote attacker could exploit the vulnerability to be able to trick a...

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS...

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

PekeUpload 跨站脚本漏洞

PekeUpload is a Jquery Html5 file upload plugin from the personal developer Pedro Molina in Colombia. pekeUpload suffers from a cross-site scripting vulnerability that exists due to insufficient cleanup of user-supplied data. A remote attacker could exploit the vulnerability to be able to trick a...

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists because the 'Text' option of the 'datepicker.js' widget is not properly handled allowing a malicious attacker to send and execute arbitrary Javascript...

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting. An attacker can inject and execute malicious javascript through the updateAlternate function in datepicker.js as it does not properly sanitize altField...

Cross-site Scripting (XSS)

jQuery-UI is vulnerable to cross-site scripting. The value of 'of' option of the '.position' in 'position.js' is not properly encoded, which allows a malicious attacker to inject and execute arbitrary Javascript...

NewStart CGSL CORE 5.05 / MAIN 5.05 : ipa Multiple Vulnerabilities (NS-SA-2021-0171)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ipa packages installed that are affected by multiple vulnerabilities: - jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causin...