Multiple vulnerabilities in Extension "Miniorange Saml" (miniorange_saml)
The extension fails to properly encode user input for output in HTML context (CVE-2021-36785). Also, the extension contains sensitive data (API credentials and private key) which should not have been published (CVE-2021-36786). Finally, the extension bundles several 3rd Party Components jQuery and...
bootstrap security update
3.0.0-7.0.1 - Backport jQuery CVE-2020-11023 fixes from jQuery v3.5.0 to bundled v1.10.2 Orabug: 33181852...
Security Bulletin: IBM QRadar SIEM is vulnerable to Using Components with Known Vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. Vulnerability Details: CVEID: CVE-2020-8908 DESCRIPTION: Guava could allow a remote authenticated attacker to bypass security restrictions, caused by a temp...
Security Bulletin: Multiple vulnerabilities affect IBM Jazz Foundation and IBM Engineering products.
Summary: There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management (ELM), IBM Engineering Requirements Management DOORS Next (DOORS Next), IBM Engineering Workflow Management (EWM), IBM...
Security Bulletin: A cross-site scripting vulnerability in JQuery affects IBM InfoSphere Information Server
Summary A cross-site scripting vulnerability in JQuery used by IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could explo...
Cross-Site Scripting (XSS)
cleditor is vulnerable to cross-site scripting (XSS). An attacker is able to inject arbitrary JavaScript into the user's browser via the jQuery plug-in...
CVE-2020-11023
A flaw was found in jQuery. HTML containing `<option>` elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
CVE-2021-32682
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal...
Authentication flaw
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal...
CVE-2021-32682
elFinder 2.1.58 is affected by multiple remote code execution vulnerabilities that could allow an attacker to execute arbitrary code and commands on the server hosting the PHP connector, even with minimal configuration. The issues were patched in 2.1.59; a mitigation is to ensure the connector is...
jQuery 1.4.2 <= 1.11.0 XSS Vulnerability
jQuery is prone to a cross-site scripting (XSS) vulnerability via vectors related to use of the text method inside after. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders...
AZL-44862 CVE-2020-28469 affecting package js-jquery 3.5.0-4
This affects the package glob-parent before 5.1.2. The enclosure regex used to check for strings ending in enclosure containing path separator...
jQuery Detection Consolidation
Consolidation of jQuery detections. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only `if(description) { script_oid("1.3.6.1.4.1.25623.1.0.150658");`...
Tenable Log Correlation Engine (LCE) < 6.0.9 (TNS-2021-10)
The version of Tenable Log Correlation Engine (LCE) installed on the remote host is prior to 6.0.9. It is, therefore, affected by multiple vulnerabilities: - Multiple denial of service vulnerabilities in the included OpenSSL component. (CVE-2019-1551, CVE-2020-1967, CVE-2020-1971, CVE-2021-3449,...
jQuery Detection (Linux/Unix SSH Login)
SSH login-based detection of jQuery. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...
[R1] LCE 6.0.9 Fixes Multiple Third-party Vulnerabilities
Tenable Log Correlation Engine leverages third-party software to help provide underlying functionality. Two separate third-party components (OpenSSL, jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good...
WeedCMS 5.6 Build 20111203 Exists Logic Flaw Vulnerability
Weed website management system (WEEDCMS) is a content management system developed independently by Weed based on PHP + MySQL. It is oriented to enterprises, individuals, small portals and other small and medium-sized site use and development. Using the international popular Smarty engine and agile jQuery...
Security Bulletin: IBM License Key Server Administration and Reporting Tool is impacted by multiple vulnerabilities in jQuery, Bootstrap and AngularJS
Summary: Multiple vulnerabilities have been found in jQuery, Bootstrap and AngularJS libraries that are used by IBM License Key Server (LKS) Administration and Reporting Tool (ART). Mitigations have been identified and a fix has been published. Vulnerability Details: CVEID: CVE-2019-14863 DESCRIPTION:...
GHSA-XG68-CHX2-253G Prototype Pollution in jquery-deparam
Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-deparam allows a malicious user to inject properties into Object.prototype...