2424 matches found
RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:3369)
The remote Red Hat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:3369 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
Important: Red Hat Security Advisory: RHV Manager (ovirt-engine) 4.4 security, bug fix, and enhancement update
Updated ovirt-engine packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
GHSA-FPQV-X9HM-35J9 Cross-site Scripting vulnerability in Kitodo.Presentation
Impact: Kitodo.Presentation fails to properly encode URL parameters for output in HTML, making it vulnerable to Cross Site Scripting (XSS). Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site...
Cross-site Scripting vulnerability in Kitodo.Presentation
Impact: Kitodo.Presentation fails to properly encode URL parameters for output in HTML, making it vulnerable to Cross Site Scripting (XSS). Only sites using the ListView, Navigation or PageView plugins are affected. It also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site...
FreeBSD : Cacti -- multiple vulnerabilities (cd2dc126-cfe4-11ea-9172-4c72b94353b5)
Cacti developers report: Multiple fixes for bundled jQuery to prevent code exec (CVE-2020-11022, CVE-2020-11023). PHPMail contains an escaping bug (CVE-2020-13625). SQL Injection via color.php in Cacti (CVE-2020-14295). (C) Tenable Network Security, Inc. The descriptive text and package checks in this...
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
The extension fails to properly encode user input for output in HTML context. In addition, the extension also includes jQuery 3.4.1 which is known to be vulnerable against Cross Site Scripting...
Security Bulletin: IBM API Connect is impacted by a cross-site scripting vulnerability in jQuery (XForce ID 180875)
Summary: IBM API Connect has addressed the following vulnerability. Vulnerability Details: Third Party Entry: 180875. DESCRIPTION: jQuery cross-site scripting. CVSS Base score: 6.1. CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 for the current score. CVSS Vector...
Security Bulletin: Security vulnerabilities have been identified in BigFix Platform shipped with IBM License Metric Tool.
Summary: BigFix Platform is shipped with IBM License Metric Tool. Information about a security vulnerability affecting BigFix Platform has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2019-11358. DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site...
Kali-Linux-Tools-Interface - Graphical Web Interface Developed To Facilitate The Use Of Security Information Tools
A graphical interface to use information security tools by the browser. Getting Started: Kali Linux Tools Interface is a graphical interface to use information security tools by the browser. The project uses the Kali Linux tools as a reference because it is the distribution that has the largest...
Oracle Primavera Gateway (Jul 2020 CPU)
The 16.2.0-16.2.11, 17.12.0-17.12.7, 18.8.0-18.8.9, and 19.12.0-19.12.4 versions of Primavera Gateway installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2020 CPU advisory. - Vulnerability in the Primavera Gateway product of Oracle Construction and...
Security Bulletin: Cross-site Scripting and Vulnerable library - JQuery v1.11.1 affects IBM Engineering Workflow Management
Summary: Two vulnerabilities affect IBM Engineering Workflow Management: a stored cross-site scripting issue in EWM code, and the jQuery library is vulnerable too. Vulnerability Details: CVEID: CVE-2019-4747. DESCRIPTION: IBM Team Concert (RTC) is vulnerable to cross-site...
AZL-44964 CVE-2020-8203 affecting package js-jquery 3.5.0-4
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20...
Cacti -- multiple vulnerabilities
Cacti developers report: Multiple fixes for bundled jQuery to prevent code exec (CVE-2020-11022, CVE-2020-11023). PHPMail contains an escaping bug (CVE-2020-13625). SQL Injection via color.php in Cacti (CVE-2020-14295)...
Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.1 security update
A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
Security Bulletin: Vulnerabilities in jQuery affect IBM License Metric Tool v9.
Summary: Vulnerabilities discovered in the jQuery component affect IBM License Metric Tool v9. Vulnerability Details: CVEID: CVE-2020-11023. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could...