2424 matches found

OpenVAS
added 2021/03/26 12:0 a.m. | 32 views

Debian: Security Advisory (DLA-2608-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.9 | AI score 7.5 | EPSS 0.34098
Exploits 11 | References 6
OSV
added 2021/03/25 12:0 a.m. | 63 views

DLA-2608-1 jquery - security update

Bulletin has no description...

CVSS 6.9 | AI score 7.2 | EPSS 0.34098
Exploits 11
Exploit DB
added 2021/03/25 12:0 a.m. | 1288 views

Linksys EA7500 2.0.8.194281 - Cross-Site Scripting

Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Date: 3/24/21 Exploit Author: MiningOmerta Vendor Homepage: https://www.linksys.com/ Version: EA7500 Firmware Version: 2.0.8.194281 CVE: CVE-2012-6708 Tested On: Linksys EA7500 jQuery version 1.7.1 Cross-Site Scripting Vulnerabilit...

CVSS 6.1 | AI score 6.7 | EPSS 0.00902
Exploits 6
Packet Storm
added 2021/03/25 12:0 a.m. | 878 views

Linksys EA7500 2.0.8.194281 Cross Site Scripting

Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Date: 3/24/21 Exploit Author: MiningOmerta Vendor Homepage: https://www.linksys.com/ Version: EA7500 Firmware Version: 2.0.8.194281 CVE: CVE-2012-6708 Tested On: Linksys EA7500 jQuery version 1.7.1 Cross-Site Scripting Vulnerabilit...

CVSS 4.3 | AI score 6.7 | EPSS 0.00902
Exploits 6
0day.today
added 2021/03/24 12:0 a.m. | 510 views

Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Vulnerability

Exploit Title: Linksys EA7500 2.0.8.194281 - Cross-Site Scripting Exploit Author: MiningOmerta Vendor Homepage: https://www.linksys.com/ Version: EA7500 Firmware Version: 2.0.8.194281 CVE: CVE-2012-6708 Tested On: Linksys EA7500 jQuery version 1.7.1 Cross-Site Scripting Vulnerability on modern...

CVSS 6.1 | AI score 6.7 | EPSS 0.00902
Exploits 6
OSV
added 2021/03/23 5:15 p.m. | 4 views

AZL-44058 CVE-2021-23362 affecting package js-jquery 3.5.0-4

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service ReDoS via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity...

CVSS 5.3 | AI score 6.7 | EPSS 0.00554
Exploits 1 | References 1
IBM Security Bulletins
added 2021/03/23 6:47 a.m. | 10 views

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - 180875

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Score: See...

AI score 6.5
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2021/03/23 6:41 a.m. | 36 views

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - CVE-2020-7656

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...

CVSS 6.1 | AI score 0.2 | EPSS 0.00889
Exploits 4 | Affected Software 1
IBM Security Bulletins
added 2021/03/23 6:32 a.m. | 45 views

Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - CVE-2020-11023, CVE-2020-11022

Summary We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation o...

CVSS 6.9 | AI score 0.5 | EPSS 0.34098
Exploits 11 | Affected Software 1
Exploit DB
added 2021/03/22 12:0 a.m. | 429 views

WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal

Exploit Title: WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal Date: 19/03/2021 Exploit Author: Nicholas Ferreira Vendor Homepage: https://github.com/A5hleyRich/delightful-downloads Version: =1.6.6 Tested on: Debian 11 CVE : CVE-2017-1000170 PHP version exploit: 7.3....

CVSS 7.5 | AI score 7.5 | EPSS 0.90044
Exploits 7
0day.today
added 2021/03/22 12:0 a.m. | 461 views

WordPress Delightful Downloads Jquery File Tree 1.6.6 Plugin - Path Traversal Exploit

Exploit Title: WordPress Plugin Delightful Downloads Jquery File Tree 1.6.6 - Path Traversal Exploit Author: Nicholas Ferreira Vendor Homepage: https://github.com/A5hleyRich/delightful-downloads Version: =1.6.6 Tested on: Debian 11 CVE : CVE-2017-1000170 PHP version exploit: 7.3.27 POC: curl --da...

CVSS 7.6 | AI score 7.6 | EPSS 0.90044
Exploits 14
Oracle linux
added 2021/03/19 12:0 a.m. | 186 views

ipa security and bug fix update

4.6.8-5.0.1 - Blank out header-logo.png product-name.png - Replace login-screen-logo.png Orabug: 20362818 4.6.8-5.el79.4 - Resolves: 1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing - wgi/plugins.py: ignore empty plugin directories - Resolves: 1895197...

CVSS 6.9 | AI score 7.4 | EPSS 0.34098
Exploits 6
Tenable Nessus
added 2021/03/19 12:0 a.m. | 30 views

Oracle Linux 7 : ipa (ELSA-2021-0860)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-0860 advisory. - Resolves: 1859248 CVE-2020-11023 ipa: jquery: Passing HTML containing elements to manipulation methods could result in untrusted code execution - WebUI: Fix...

CVSS 6.9 | AI score 6.9 | EPSS 0.34098
Exploits 6 | References 2
Tenable Nessus
added 2021/03/17 12:0 a.m. | 35 views

RHEL 7 : ipa (RHSA-2021:0860)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0860 advisory. Red Hat Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based...

CVSS 6.9 | AI score 7 | EPSS 0.34098
Exploits 6 | References 11
RedHat Linux
added 2021/03/16 1:57 p.m. | 3 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 | AI score 6.6 | EPSS 0.34098
Exploits 6 | References 6
RedHat Linux
added 2021/03/16 1:53 p.m. | 2 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 | AI score 6.6 | EPSS 0.34098
Exploits 6 | References 6
RedHat Linux
added 2021/03/09 3:50 p.m. | 180 views

Important: Red Hat Security Advisory: Red Hat Ansible Tower 3.6.7-1 - Container security and bug fix update

Red Hat Ansible Tower 3.6.7-1 - RHEL7 Container Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 6.9 | AI score 6.8 | EPSS 0.69569
Exploits 15 | References 6
NCSC
added 2021/03/03 12:0 a.m. | 1 views

Vulnerability fixed in NetApp Active IQ Unified Manager and Snap Creator Framework

NetApp has fixed a vulnerability in JQuery as used in Active IQ Unified Manager and Snap Creator Framework, among others. The vulnerabilities allow an unauthenticated malicious person to access sensitive data or manipulate data. NetApp has released updates to fix the vulnerabilities in Active ...

CVSS 6.1 | AI score 6.5 | EPSS 0.00889
Exploits 4
IBM Security Bulletins
added 2021/03/01 4:29 p.m. | 37 views

Security Bulletin: IBM Cognos Command Center has addressed multiple vulnerabilities (Q12021)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Cognos Command Center. This issue was disclosed as part of the IBM Java SDK updates in October 2020. IBM Command Center 10.2.4 FP1 IF14 has addressed the applicable CVE. Additionally, a vulnerability in jQue...

CVSS 6.1 | AI score 1 | EPSS 0.01319
Exploits 4 | Affected Software 1
OpenVAS
added 2021/02/22 12:0 a.m. | 29 views

Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1346)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.8 | EPSS 0.01319
Exploits 4 | References 2