Django jQuery Vulnerability - Linux
Django is prone to a vulnerability in the bundled jQuery. CPE = "cpe:/a:djangoproject:django";...
Django jQuery Vulnerability - Windows
Django is prone to a vulnerability in the bundled jQuery. CPE = "cpe:/a:djangoproject:django";...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
Fedora Update for rubygem-jquery-ui-rails FEDORA-2019-a96124345a
The remote host is missing an update for the...
[SECURITY] Fedora 30 Update: rubygem-jquery-ui-rails-6.0.1-1.fc30
jQuery UI's JavaScript, CSS, and image files packaged for the Rails 3.1+ asset pipeline...
URL Validation Bypass
jquery-mobile is vulnerable to URL validation bypass. Forward and Back slashes are not properly handled, which would allow remote attackers to bypass access controls or URL checks due to incorrect parsing of URLs, e.g. http://[email protected]/ is incorrectly considered the same domain as...
Cross-site Scripting (XSS)
jquery-mobile is vulnerable to cross-site scripting. Lack of validation in the Content-Type header of an XHR request results in the rendering of an AJAX JSON response as HTML in a user's browser. A remote attacker is able to inject arbitrary JavaScript into a victim's browser by relying on anothe...
Discourse < 2.3.0.beta9 Multiple Vulnerabilities
Discourse is prone to multiple vulnerabilities in 3rd-party components. CPE =...
Fedora Update for js-jquery-jstree FEDORA-2019-a171291a47
The remote host is missing an update for the...
[SECURITY] Fedora 29 Update: js-jquery-jstree-3.3.8-1.fc29
jsTree is a jQuery plugin that provides interactive trees. It is absolutely free, open source and distributed under the MIT license. jsTree is easily extendable, themable and configurable; it supports HTML & JSON data sources, AJAX & async callback loading. jsTree functions properly in either...
[SECURITY] Fedora 30 Update: js-jquery-jstree-3.3.8-1.fc30
jsTree is a jQuery plugin that provides interactive trees. It is absolutely free, open source and distributed under the MIT license. jsTree is easily extendable, themable and configurable; it supports HTML & JSON data sources, AJAX & async callback loading. jsTree functions properly in either...
Fedora 30 : js-jquery-jstree (2019-38abc6b897)
Update to 3.3.8. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Fedora Update for js-jquery-jstree FEDORA-2019-38abc6b897
The remote host is missing an update for the...
Fedora 29 : js-jquery-jstree (2019-a171291a47)
Update to 3.3.8. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
FreeBSD : Django -- AdminURLFieldWidget XSS (ffc73e87-87f0-11e9-ad56-fcaa147e860e)
Django security releases issued: The clickable 'Current URL' link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickab...
jQuery Mobile < 1.2.0 Cross-site Scripting
According to its self-reported version number, jQuery Mobile is prior to 1.2.0. Therefore, it may be affected by a cross-site scripting vulnerability due to improper escaping of location.href. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Security Bulletin: IBM MessageSight/MessageGateway is affected by the following jQuery vulnerability
Summary IBM MessageSight/MessageGateway has addressed the following jQuery vulnerability: CVE-2019-11358: jQuery mishandles jQuery.extend(true, {}, ...) Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper...
Django -- AdminURLFieldWidget XSS
Django security releases issued: The clickable "Current URL" link generated by AdminURLFieldWidget displayed the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or a value provided as a URL query parameter payload, could result in an clickabl...
@screeps/launcher (>=0.0.1 <=4.2.0-beta.8), @screepsunleashed/screeps (>=0.1.3 <=0.1.4) +9 more potentially affected by unknown CVE via jquery.terminal (>=0.10.12 <=0.11.4)
jquery.terminal NPM version =0.10.12, =0.0.1, =0.1.3, =2.0.0, =3.3.2, =0.0.3, =0.1.0, =1.0.0, =1.0.2, =0.0.7, =0.1.0 Source cves: unknown CVE Source advisory: OSV:GHSA-2HWP-G4G7-MWWJ...