OPENSUSE-SU-2020:1888-1 Security update for otrs
This update for otrs fixes the following issues: - otrs was updated to 6.0.30 OSA-2020-14 boo1178434 - CVE-2020-11022, CVE-2020-11023: Vulnerability in third-party library - jquery OTRS uses jquery version 3.4.1, which is vulnerable to cross-site scripting XSS...
Security update for otrs (moderate)
openSUSE Security Update: Security update for otrs Announcement ID: openSUSE-SU-2020:1888-1 Rating: moderate References: 1178434 Cross-References: CVE-2020-11022 CVE-2020-11023 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1 openSUSE Backports SLE-15-SP2 openSUSE Backports SLE-15-SP1 An...
Moderate: Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update
An update for the pki-core:10.6 and pki-deps:10.6 modules is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
jquery: Cross-site scripting via cross-domain ajax requests
jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...
idm:DL1 and idm:client security, bug fix, and enhancement update
An update is available for python-jwcrypto, custodia, python-qrcode, python-yubico, python-kdcproxy, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky...
Oracle JDeveloper XSS (October 2020 CPU)
The version of Oracle JDeveloper installed on the remote host is missing a security patch. It is, therefore, affected by a cross-site scripting XSS vulnerability in the ADF Faces jQuery component. An unauthenticated, remote attacker can exploit this issue to compromise Oracle JDeveloper. Successf...
The vulnerability of the jQuery library arises from insufficient cleaning of data provided by users when elements of the <option> type are passed. This allows attackers to perform cross-site scripting attacks.
The vulnerability of the jQuery library exists due to insufficient cleaning of the data provided by the user when elements with the <option> tag are passed to jQuery’s DOM methods. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
The vulnerability of the General component (jQuery) of the Oracle REST Data Services data service allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the General component jQuery in the Oracle REST Data Services data service is related to security mechanism failures. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information via the HTTP network...
Oracle Business Process Management Suite (Oct 2020 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by the following vulnerabilities as referenced in the October 2020 CPU advisory: - Vulnerability in the Runtime Engine Application Development Framework. An unauthenticated, remote attacker with netwo...
Security Bulletin: JQuery as used in IBM Security QRadar Packet Capture is vulnerable to Cross Site Scripting (XSS) (CVE-2020-11023, CVE-2020-11022)
Summary JQuery as used in IBM Security QRadar Packet Capture is vulnerable to Cross Site Scripting XSS Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote...
Pulse Policy Secure < 9.1R9 (SA44601)
According to its self-reported version, the version of Pulse Policy Secure running on the remote host is prior to 9.1R9. It is, therefore, affected by the following vulnerabilities: - A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to...
Amazon Linux 2 : ipa (ALAS-2020-1519)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1519 advisory. jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
1.42.027-alt1 built Oct. 21, 2020 Alexey Shabalin in task 260176 Oct. 19, 2020 Alexey Shabalin - snapshot of 1.4 branch 0c66d2335a9dd13006c83ed64ae565a4a3cb7f0c - Update jQuery to address three CVE Vulnerabilities - Fixes: + CVE-2020-11022 + CVE-2020-11023 + CVE-2019-11358...
WordPress Colorbox Lightbox 1.1.1 Cross Site Scripting
Exploit Title: WordPress Plugin Colorbox Lightbox v1.1.1 - Persistent Cross-Site Scripting Vulnerability Authenticated Date: 10.8.2020. Exploit Author: n1x MS-WEB Software Homepage: https://wordpress.org/plugins/wp-colorbox/ Software Link v1.1.1:...