CVE-2021-21252
CVE-2021-21252 affects the jquery-validation (jquery-validation) package. It is a ReDoS (Regular Expression Denial of Service) in Regular Expressions used by the plugin prior to version 1.19.3. The issue is fixed in 1.19.3. Public sources in the connected docs (NVD, GitHub advisory GHSA-jxwx-85vp...
jQuery End of Life (EOL) Detection - Windows
The jQuery version on the remote host has reached the end of life (EOL) and should not be used anymore. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
jQuery End of Life (EOL) Detection - Linux
The jQuery version on the remote host has reached the end of life (EOL) and should not be used anymore. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
AZL-44673 CVE-2020-36048 affecting package js-jquery 3.5.0-4
Engine.IO before 4.0.0 allows attackers to cause a denial of service (resource consumption) via a POST request to the long polling transport...
AZL-45030 CVE-2020-36049 affecting package js-jquery 3.5.0-4
socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used...
Security Bulletin: IBM API Connect V5 is vulnerable to cross-site scripting in jQuery (CVE-2015-9251)
Summary IBM API Connect has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-craft...
h1-ctf: How The Hackers Saved Christmas
Challenge I 🤖 "What are you doing?" I asked myself. I was about to trespass a clear warning to keep out. "Have you lost your mind?" But I couldn't help it. I was born for this. And I wasn't going to back down. There are 12 more days until Christmas Eve, and I wasn't going to let...
h1-ctf: First CTF ever!
Pretext Started looking into hacking this autumn and then found out HackerOne was doing a Christmas themed CTF. Further investigation showed that the deplorable Grinch might be up to no good again - Christmas is in danger! TLDR Lots of hacking took place, the Grinch was stopped, Christmas saved a...
h1-ctf: [H1 hackyholidays] CTF Writeup
Hello team, Here is my CTF writeup for HackyHolidays. Main page The main page doesn't contain any interesting stuff, just a few assets. Maybe we will find some known files in webapp root: index.php, .htaccess, robots.txt, ...? robots.txt file exists, and there is the first flag: User-agent:...
AZL-44940 CVE-2020-28282 affecting package js-jquery 3.5.0-4
Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution...
h1-ctf: A Visit from The Grinch ~ 'Twas the night before Hackmas...
Foreword This was an amazing CTF! The first from Hackerone that I've finished and one that I have enjoyed the most. Huge shout out to @adamtlangley for creating this downright poetic challenge. My whopping 20+ invitations are already being put to good use. Hacky Holidays and Merry Hackmas! Flag 1...
h1-ctf: ctf walkthrough
Hi, finally managed to solve all challenges, this was my first h1ctf, some challenges were pretty nice, some others had some frustrating guessing parts, but overall it was fun. Here are the day 1 to day 12 walkthroughs: Day 1 we have only one asset in scope hackyholidays.h1ctf.com the main page at...
[R1] Tenable.sc 5.17.0 Fixes Multiple Vulnerabilities
Tenable.sc leverages third-party software to help provide underlying functionality. Two separate third-party components jQuery and OpenSSL were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable...
Denial of Service (DoS)
Amendment This was deemed not a vulnerability. Overview jquery-ui is a library for manipulating UI elements via jQuery. Affected versions of this package are vulnerable to Denial of Service (DoS). When the "dialog" is injected into an HTML tag more than once, the browser and the application may...
RHEL 7 : python-XStatic-jQuery (RHSA-2020:5581)
The remote Red Hat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5581 advisory. python-XStatic-jQuery is the jQuery JavaScript library packaged for Python's setuptools. Security Fixes: Prototype pollution in object's prototype...
RHEL 8 : python-XStatic-jQuery224 (RHSA-2020:5412)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:5412 advisory. python-XStatic-jQuery is the jQuery JavaScript library packaged for Python's setuptools. Security Fixes: Passing HTML containing elements to...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
Moderate: Red Hat Security Advisory: python-XStatic-jQuery security update
An update for python-XStatic-jQuery is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for ea...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. When HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, it may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
EulerOS 2.0 SP5 : pki-core (EulerOS-SA-2020-2560)
According to the versions of the pki-core packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recove...