Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

2424 matches found

ATTACKERKB
ATTACKERKBadded 2019/04/20 12:0 a.m.557 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , … because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype. Recent assessments: ANHKWAR at Ma...

6.1CVSS6.9AI score0.02803EPSS
In wildExploits4References85
Cvelist
Cvelistadded 2019/04/19 12:0 a.m.110 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

7AI score0.01319EPSS
Exploits4References73
Debian CVE
Debian CVEadded 2019/04/19 12:0 a.m.54 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS6.6AI score0.01319EPSS
Exploits4
RubySec
RubySecadded 2019/04/19 12:0 a.m.40 views

Prototype pollution attack through jQuery $.extend

jQuery before 3.4.0 mishandles jQuery.extendtrue, , ... because of bject.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS2.2AI score0.01319EPSS
Exploits4References1Affected Software1
Vulnrichment
Vulnrichmentadded 2019/04/19 12:0 a.m.19 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.5AI score0.01319EPSS
Exploits4References73
CVE
CVEadded 2019/04/19 12:0 a.m.2513 views

CVE-2019-11358

CVE-2019-11358 is a prototype pollution vulnerability in jQuery (before 3.4.0) where mishandling of extend(true, {}, ...) can extend Object.prototype if an unsanitized source object has an enumerable proto property. The Core issue is triggered when a polluted prototype is introduced via nested ob...

6.1CVSS6.4AI score0.01319EPSS
In wildExploits4References73Affected Software1
Tenable Nessus
Tenable Nessusadded 2019/04/19 12:0 a.m.61 views

Drupal 7.x < 7.66 / 8.5.x < 8.5.15 / 8.6.x < 8.6.15 Multiple Vulnerabilities (drupal-2019-04-17)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.66, 8.5.x prior to 8.5.15, or 8.6.x prior to 8.6.15. It is, therefore, affected by multiple vulnerabilities. - The jQuery project released version 3.4.0, and as part of that, disclose...

9.8CVSS7.9AI score0.11901EPSS
Exploits1References13
AlpineLinux
AlpineLinuxadded 2019/04/19 12:0 a.m.76 views

CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS7.1AI score0.01319EPSS
Exploits4
The Hacker News
The Hacker Newsadded 2019/04/17 9:51 p.m.5 views

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories publishe...

9.8CVSS7.3AI score0.11901EPSS
Exploits1
The Hacker News
The Hacker Newsadded 2019/04/17 9:51 p.m.94 views

Drupal Releases Core CMS Updates to Patch Several Vulnerabilities

Drupal, the popular open-source content management system, has released security updates to address multiple "moderately critical" vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites. According to the advisories publishe...

9.8CVSS0.6AI score0.11901EPSS
Exploits1
OSV
OSVadded 2019/04/17 8:30 p.m.1 views

DRUPAL-CORE-2019-006

The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue, , .... If an unsanitized source object...

6.1CVSS6.6AI score0.01319EPSS
Exploits4References1
Drupal
Drupaladded 2019/04/17 12:0 a.m.88 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006

The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue, , .... If an unsanitized source object...

6.1CVSS2.1AI score0.01319EPSS
Exploits4References17
Symantec
Symantecadded 2019/04/17 12:0 a.m.197 views

JQuery CVE-2019-11358 Cross Site Scripting Vulnerability

Description JQuery is prone to a cross-site-scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...

4.3CVSS1.6AI score0.01319EPSS
Exploits4References8Affected Software54
FreeBSD
FreeBSDadded 2019/04/17 12:0 a.m.39 views

drupal -- Drupal core - Moderately critical

Drupal Security Team reports: CVE-2019-10909: Escape validation messages in the PHP templating engine. CVE-2019-10910: Check service IDs are valid. CVE-2019-10911: Add a separator in the remember me cookie hash. jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue...

9.8CVSS1.2AI score0.11901EPSS
Exploits1References2
Fortinet
Fortinetadded 2019/04/10 12:0 a.m.72 views

Protect

FortiSwitch is vulnerable to multiple Cross-site Scripting XSS attacks present in the jQuery javascript library...

4.3CVSS6.5AI score0.18007EPSS
Exploits6Affected Software11
0day.today
0day.todayadded 2019/04/03 12:0 a.m.1536 views

PhreeBooks ERP 5.2.3 - Arbitrary File Upload Exploit

Exploit for php platform in category web applications PhreeBooks ERP v5.2.3 - Arbitrary File Upload Exploit Author: Abdullah Çelebi Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/files/latest/download Category: Webapps Version: 5.2.3 Tested...

7.4AI score
Exploits0
Exploit DB
Exploit DBadded 2019/04/03 12:0 a.m.242 views

PhreeBooks ERP 5.2.3 - Arbitrary File Upload

PhreeBooks ERP v5.2.3 - Arbitrary File Upload Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/files/latest/download Category: Webapps Version: 5.2.3 Tested on: WAMPP @Win Software description:...

7.4AI score
Exploits0
Node.js
Node.jsadded 2019/04/02 9:6 p.m.116 views

Prototype Pollution

Overview Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend method allows an attacker to modify the prototype for Object causing changes in properties that will exist on all objects. Recommendation Upgrade to version 3.4.0 or later. References - HackerOne Report -...

7.6AI score
Exploits3Affected Software1
Hacker One
Hacker Oneadded 2019/03/30 2:10 p.m.94 views

Ruby: Ruby is shipping a vulnerable jQuery

No this isn't a report about the website! Ruby ships Darkfish as part of RDoc https://github.com/ruby/ruby/tree/HEAD/lib/rdoc/generator/template/darkfish https://github.com/ruby/rdoc/tree/master/lib/rdoc/generator/template/darkfish https://github.com/ged/darkfish Darkfish includes jQuery v1.6.4,...

4.3CVSS6.9AI score0.18007EPSS
Exploits6
Packet Storm
Packet Stormadded 2019/03/27 12:0 a.m.65 views

Joomla ARI Image Slider 2.2.0 Cross Site Request Forgery / Shell Upload

Exploit Title : Joomla ARI Image Slider 2.2.0 CSRF Shell Upload Author Discovered By : KingSkrupellos Team : Cyberizm Digital Security Army Date : 27/03/2019 Vendor Homepage : ari-soft.com Software Download Link : ari-soft.com/Joomla-Components/ARI-Image-Slider/Detailed-product-flyer.html Softwar...

0.4AI score
Exploits0
Rows per page
Query Builder