Design/Logic Flaw
DISPUTED jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
CVE-2018-18405
CVE-2018-18405 is documented as a cross-site scripting (XSS) flaw in jQuery v2.2.2, triggerable by a crafted onerror attribute on IMG elements. The connected PT-2020-8631 entry confirms jQuery 2.2.2 as the affected software and describes the issue as an XSS vulnerability via an IMG onerror handle...
CVE-2018-18405
Removed by vendor...
CVE-2018-18405
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry...
PT-2020-8631 · Jquery · Jquery
Name of the Vulnerable Software and Affected Versions: jQuery version 2.2.2 Description: The issue allows for cross-site scripting XSS attacks via a crafted onerror attribute of an IMG element. Recommendations: For jQuery version 2.2.2, consider disabling the use of the onerror attribute in IMG...
Jira uses vulnerable jQuery version CVE-2015-9251
h3. Issue Summary jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Jira uses jQuery 2.2.4 as of Jira 8.8.0 https://nvd.nist.gov/vuln/detail/CVE-2015-92...
Oracle WebCenter Sites Multiple Vulnerabilities (April 2020 CPU)
Oracle WebCenter Sites component of Oracle Fusion Middleware is vulnerable to multiple vulnerabilities. - Component: Advanced UI jQuery. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromis...
Pinger 1.0 - Remote Code Execution Exploit
Exploit for php platform in category web applications Title: Pinger 1.0 - Remote Code Execution Author: Milad Karimi Vendor Homepage: https://github.com/wcchandler/pinger Software Link: https://github.com/wcchandler/pinger Tested on: windows 10 , firefox Version: 1.0 CVE : N/A...
Burp Exporter - A Burp Suite Extension To Copy A Request To The Clipboard As Multiple Programming Languages Functions
Exporter is a Burp Suite extension to copy a request to the clipboard as multiple programming languages functions. You can export as: cURL Wget Python Request Perl LWP PHP HTTPRequest2 Go Native NodeJS Request jQuery AJAX PowerShell Requirements Jython = 2.7.1 Burp Suite import In Burp Suite, und...
Pinger 1.0 Remote Code Execution
================================================================================ Pinger 1.0 - Simple Pinging Webapp Remote Code Execution ================================================================================ Vendor Homepage: https://github.com/wcchandler/pinger Software Link:...
Pinger 1.0 - Remote Code Execution
Title: Pinger 1.0 - Remote Code Execution Date: 2020-04-13 Author: Milad Karimi Vendor Homepage: https://github.com/wcchandler/pinger Software Link: https://github.com/wcchandler/pinger Tested on: windows 10 , firefox Version: 1.0 CVE : N/A...
Security Bulletin: A vulnerability in jQuery affects the IBM Performance Management product (CVE-2019-11358)
Summary jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site. An...
[R2] Tenable.sc 5.14.0 Fixes Multiple Vulnerabilities
Tenable.sc leverages third-party software to help provide underlying functionality. One third-party component jQuery was found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and in line with good practice, Tenable opted to upgrade the...
Cross-site Scripting (XSS)
Overview: components/jquery is a jQuery JavaScript Library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML containing `<option>` elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others...
[20200604] - Core - XSS in jQuery.htmlPrefilter
The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "... security issues in jQuery’s DOM manipulation methods, as in .html, .append, and the others."...
PT-2020-6938 · Jquery · Jquery
Name of the Vulnerable Software and Affected Versions: jQuery versions 2.2.0 through 3.5.0 Description: The issue is related to Cross Site Scripting vulnerability, which allows a remote attacker to execute arbitrary code via the element. Passing HTML containing elements from untrusted sources to...
CVE-2012-6708
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...
Security Bulletin: IBM Security Information Queue uses components with known vulnerabilities (CVE-2019-8331, CVE-2019-11358)
Summary The IBM Security Information Queue ISIQ web server utilizes a Node.js runtime environment. The environment includes several open source packages with known vulnerabilities. As of ISIQ v1.0.6, the open source packages have been upgraded to the recommended secure versions. Vulnerability...
RHEL 8 : python-XStatic-jQuery (RHSA-2020:1325)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:1325 advisory. python-XStatic-jQuery is the jQuery javascript library packaged for Python's setuptools Security Fixes: prototype pollution in object's prototype...