2424 matches found
CVE-2018-18405
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
Cross-site Scripting (XSS)
Overview: jquery is a package that makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). load fail...
CVE-2020-7656
CVE-2020-7656 affects jQuery versions prior to 1.9.0. The vulnerability arises from the load method failing to strip certain ), enabling cross‑site scripting. Public materials describe PoC/exploitation and public advisories/patch guidance (e.g., upgrade to 1.9.0+). The CVE is documented with an o...
CVE-2020-7656
Removed by vendor...
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...
PT-2020-6926 · Jquery +5 · Jquery +5
Name of the Vulnerable Software and Affected Versions: jquery versions prior to 1.9.0 Description: The issue allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed...
jQuery 1.2.0 < 3.5.0 Cross-Site Scripting
According to its self-reported version number, jQuery is at least 1.2.0 and prior to 3.5.0. Therefore, it may be affected by a cross-site scripting vulnerability via the regex operation in jQuery.htmlPrefilter. Note that the scanner has not tested for these issues but has instead relied only on t...
jQuery 1.2 < 3.5.0 XSS Vulnerability
jQuery is prone to a cross-site scripting (XSS) vulnerability in jQuery.htmlPrefilter and related methods. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier:...
Cross-Site Scripting
Overview: Versions of jquery prior to 3.5.0 are vulnerable to Cross-Site Scripting. Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute arbitrary JavaScript in a victim's browser. Recommendation...
Cross-Site Scripting (XSS)
jquery is vulnerable to cross-site scripting (XSS). When passing HTML containing elements to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others), untrusted code may potentially be executed...
Cross-Site Scripting (XSS)
jquery is vulnerable to cross-site scripting (XSS). When passing HTML from untrusted sources to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others), untrusted code may potentially be executed...
jQuery cross-site scripting vulnerability (CNVD-2020-27491)
jQuery is an open source, cross-browser JavaScript library developed by American programmer John Resig. The library simplifies operations between HTML and JavaScript, and offers a modular design, plug-in extensions and other features. A cross-site scripting vulnerability exists in jQuery. The...
jQuery cross-site scripting vulnerability (CNVD-2021-26411)
jQuery is an open source, cross-browser JavaScript library. The library simplifies operations between HTML and JavaScript, and offers a modular design, plug-in extensions and other features. A cross-site scripting vulnerability exists in versions of jQuery prior to 3.5.0. The vulnerability...
CVE-2020-11022
A Cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. Remediation: There is no fixed version for...
Cross-site Scripting (XSS)
Overview: components/jquery is a jQuery JavaScript Library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untruste...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. Remediation: Upgrade maximebf/debugbar to...
GHSA-JPCQ-CGW6-V4J6 Potential XSS vulnerability in jQuery
Impact: Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. Patches: This problem is patched in jQuery 3.5.0. Workarounds: To work around this issue without...
Potential XSS vulnerability in jQuery
Impact: Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. Patches: This problem is patched in jQuery 3.5.0. Workarounds: To work around this issue without...
000demo (>=1.0.0 <=1.1.0), 03-npm-abc (>=1.0.0 <=1.1.0) +6511 more potentially affected by CVE-2020-11023 +1 more via jquery (>=1.11.0 <=3.4.1)
jquery NPM version =1.11.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.2.1, =0.1.75, =0.2.0 - 4.yarntest =1.0.3 - 4design =0.0.1 and more Source cves: CVE-2020-11023, CVE-2020-23064 Source advisory: OSV:GHSA-JPCQ-CGW6-V4J6...