2424 matches found
Security Bulletin: IBM Tivoli Netcool Impact is affected by jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023)
Summary: IBM Tivoli Netcool Impact has addressed the following jQuery vulnerabilities. Vulnerability Details: CVEID: CVE-2020-11022. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker...
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal (CVE-2020-11022 CVE-2020-11023)
Summary: IBM API Connect has addressed the following vulnerabilities. Vulnerability Details: CVEID: CVE-2020-11022. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this...
Joomla! 2.5.x < 3.9.19 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.19. It is, therefore, affected by multiple vulnerabilities: - Lack of input validation in the heading tag option of the "Articles - Newsflash" and "Articles - Categories" module...
CVE-2020-7656
A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "...
clubopen.pubgmobile.com Cross Site Scripting vulnerability OBB-1203843
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Drupal 7.x, 8.x jQuery XSS Vulnerabilities (SA-CORE-2020-002) - Windows
Drupal is prone to multiple cross-site scripting vulnerabilities in jQuery. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Drupal 7.x, 8.x jQuery XSS Vulnerabilities (SA-CORE-2020-002) - Linux
Drupal is prone to multiple cross-site scripting vulnerabilities in jQuery. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Joomla 2.5.x < 3.9.19 Multiple Vulnerabilities (5812-joomla-3-9-19)
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.19. It is, therefore, affected by multiple vulnerabilities. - In Joomla! before 3.9.19, lack of input validation in the heading tag option of the Articles - Newsflash and Article...
Dotnetnuke 5.0.x < 9.6.1 (09.06.01)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 5.0.x prior to 9.6.1. It is, therefore, affected by a vulnerability. - The maintainers of jQuery published version 3.5.0 with a security fix included regarding HTML manipulation. Fixes for this...
Drupal 8.8.x < 8.8.6 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.70, 8.7.x prior to 8.7.14 or 8.8.x prior to 8.8.6. It is, therefore, affected by multiple vulnerabilities: - Two Cross-Site Scripting (XSS) vulnerabilities in jQuery CVE-2020-11022 ...
Cross-site Scripting (XSS)
october/october is vulnerable to cross-site scripting (XSS). The vulnerability exists as it embeds a vulnerable version of jQuery which has improper filtering on the htmlPrefilter method...
Use of insecure jQuery version in OctoberCMS
Impact: Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html, .append, and others) may execute untrusted code. Patches: Issue has been patched in Build 466 (v1.0.466) by applying the recommended patch from @jquery. Workarounds: Apply...
GHSA-V73W-R9XG-7CR9 Use of insecure jQuery version in OctoberCMS
Impact: Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html, .append, and others) may execute untrusted code. Patches: Issue has been patched in Build 466 (v1.0.466) by applying the recommended patch from @jquery. Workarounds: Apply...
Update jQuery to avoid CVE-2020-11022 and CVE-2020-11023
Issue Summary: Currently, Jira runs with jQuery version 2.2.4, which is susceptible to the following vulnerabilities: https://nvd.nist.gov/vuln/detail/CVE-2020-11023 https://nvd.nist.gov/vuln/detail/CVE-2020-11022 Steps to Reproduce: - Expected Results: We should update the version of...
RHEL 7 / 8 : Red Hat OpenShift Service Mesh (RHSA-2020:2362)
The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2362 advisory. Red Hat OpenShift Service Mesh is Red Hat's distribution of the Istio service mesh project, tailored for installation into an on-premise...
AZL-44202 CVE-2020-7662 affecting package js-jquery 3.5.0-4
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method
A Cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2217)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2217 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud...
jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method
A Cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
Moderate: Red Hat Security Advisory: OpenShift Container Platform 3.11 security update
Red Hat OpenShift Container Platform release 3.11.219 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, whi...