2426 matches found
CVE-2015-9500
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js...
Oracle WebLogic Server Multiple Vulnerabilities (Oct 2019 CPU)
The version of Oracle WebLogic Server installed on the remote host is affected by multiple vulnerabilities: - An unspecified vulnerability in the jquery component of the Web Services of Oracle WebLogic Server. An unauthenticated, remote attacker can exploit this to gain unauthorized update, inser...
Multiple vulnerabilities in extension "SLUB: Event Registration" (slub_events)
The extension allows arbitrary files to be uploaded to the webserver. For versions 1.2.2 and below, this vulnerability results in Remote Code Execution. In versions later than 1.2.2, the vulnerability can result in Denial of Service, since the webspace can be filled up with arbitrary files. The...
CVE-2015-9479
The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
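The mechanism this entry describes, as an added illustration that is not jQuery's own code and not taken from any advisory on this page: a constructed JSON payload carrying an own property named `__proto__` is deep-merged by a minimal recursive `extend` that mirrors the pre-3.4.0 `jQuery.extend(true, ...)` behaviour, beside a hardened variant that skips `__proto__`, `constructor` and `prototype` and never recurses into an inherited value (jQuery 3.4.0 itself fixed CVE-2019-11358 by skipping the `__proto__` name). The function names `vulnerableExtend`, `safeExtend` and `demo`, and the payload, are this example's own.

```javascript
// Added example, not jQuery source: minimal deep merge as it behaved before
// jQuery 3.4.0, beside a hardened version. All names here are illustrative.

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

// Vulnerable: for-in visits every enumerable key, including an own property
// literally named "__proto__" (which JSON.parse produces). target["__proto__"]
// resolves through the accessor to Object.prototype, so the recursion writes
// the attacker's keys onto the global prototype.
function vulnerableExtend(target, src) {
  for (const key in src) {
    const copy = src[key];
    if (isPlainObject(copy)) {
      const clone = isPlainObject(target[key]) ? target[key] : {};
      target[key] = vulnerableExtend(clone, copy);
    } else if (copy !== undefined) {
      target[key] = copy;
    }
  }
  return target;
}

// Hardened: refuse keys that reach a prototype, only recurse into values the
// target owns (not inherits), and stop self-references that would loop.
const FORBIDDEN_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function safeExtend(target, src) {
  for (const key of Object.keys(src)) {
    if (FORBIDDEN_KEYS.has(key)) continue;
    const copy = src[key];
    if (copy === target) continue;
    if (isPlainObject(copy)) {
      const existing = Object.prototype.hasOwnProperty.call(target, key)
        ? target[key]
        : undefined;
      const clone = isPlainObject(existing) ? existing : {};
      target[key] = safeExtend(clone, copy);
    } else if (copy !== undefined) {
      target[key] = copy;
    }
  }
  return target;
}

// Constructed attacker payload, e.g. a request body handed to JSON.parse.
// Unlike an object literal, JSON.parse keeps "__proto__" as an own data key.
const PAYLOAD = '{"__proto__": {"isAdmin": true}, "name": "guest"}';

// Merge the payload into a fresh object with the given extend function and
// report whether an unrelated object picked up the injected property.
// Removes any pollution afterwards so later code is unaffected.
function demo(extendFn) {
  const untrusted = JSON.parse(PAYLOAD);
  const settings = extendFn({}, untrusted);
  const bystander = {};
  const result = {
    settingsName: settings.name,
    settingsIsAdmin: settings.isAdmin === true,
    bystanderIsAdmin: bystander.isAdmin === true, // true only if Object.prototype was polluted
  };
  delete Object.prototype.isAdmin; // undo pollution
  return result;
}

console.log("vulnerable extend:", demo(vulnerableExtend));
console.log("hardened extend: ", demo(safeExtend));
```

The `bystander` object never touches the merge; it reports `isAdmin` as true after the vulnerable merge only because every object now inherits the key from `Object.prototype`, which is exactly how a polluted prototype turns into authorization bypass or denial of service in unrelated code paths.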
Moderate: Red Hat Security Advisory: ovirt-web-ui security and bug fix update
An update for ovirt-web-ui is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Moderate: Red Hat Security Advisory: ovirt-engine-ui-extensions security and bug fix update
An update for ovirt-engine-ui-extensions is now available for Red Hat Virtualization Engine 4.3. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
[ASA-201910-4] ruby-rdoc: cross-site scripting
Arch Linux Security Advisory ASA-201910-4. Severity: Medium. Date: 2019-10-02. CVE-ID: CVE-2012-6708, CVE-2015-9251. Package: ruby-rdoc. Type: cross-site scripting. Remote: Yes. Link: https://security.archlinux.org/AVG-1041. Summary: The package...
ForeScout Technologies: DOM XSS at www.forescout.com in Microsoft Edge and IE Browser
Summary: I've found a DOM-based XSS on the homepage. Steps To Reproduce: 1. Go to this URL and you'll see an alert pop up: https://www.forescout.com/ But this will work only on ME/IE browsers, because Chrome and Firefox encode the URL hash by default. And the vulnerable code is directly in your source code...
WordPress SlickQuiz 1.3.7.1 Cross Site Scripting Vulnerability
Exploit for the PHP platform in category web applications. 1. ADVISORY INFORMATION: Product: SlickQuiz. Vendor URL: https://wordpress.org/plugins/slickquiz/. Type: Cross-Site Scripting (CWE-79). Date found: 2019-05-30. Date published: 2019-09-10. CVSSv3 Score: 6.1...
FreeBSD : wordpress -- multiple issues (8a9f86de-d080-11e9-9051-4c72b94353b5)
wordpress developers reports: Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen f...
wordpress -- multiple issues
wordpress developers reports: Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments. Props to Tim Coen f...
FreeBSD : RDoc -- multiple jQuery vulnerabilities (ed8d5535-ca78-11e9-980b-999ff59c22ea)
Ruby news: There are multiple Cross-Site Scripting (XSS) vulnerabilities in the jQuery shipped with RDoc, which is bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release, which includes the fixed version of RDoc. The following vulnerabilities have been reported...
RDoc -- multiple jQuery vulnerabilities
Ruby news: There are multiple Cross-Site Scripting (XSS) vulnerabilities in the jQuery shipped with RDoc, which is bundled in Ruby. All Ruby users are recommended to update Ruby to the latest release, which includes the fixed version of RDoc. The following vulnerabilities have been reported...
Security Bulletin: IBM Security Privileged Identity Manager is affected by multiple security vulnerabilities
Summary: IBM Security Privileged Identity Manager has addressed the following security vulnerabilities. Vulnerability Details: CVEID: CVE-2012-6708. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery(strInput) function. A remot...
Malicious Package
Overview: Version 0.2.5 of jquery-airload contained malicious code. The code, when executed in the browser, would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation: Remove the package from your environment. It's...
Update jQuery to address CVE-2019-11358
The version of jQuery used in Jira before 8.2.3 was vulnerable to CVE-2019-11358. This issue was addressed by updating Jira server to use a patched & custom version of jQuery 2.2.4.7...