2424 matches found
jQuery-File-Upload 9.22.0 Arbitrary File Upload
Title: jQuery-File-Upload...
HackerOne: DOM Based XSS in www.hackerone.com via PostMessage
Summary: The Marketo contact form available on the www.hackerone.com website is affected by a cross-site scripting vulnerability, caused by an insecure 'message' event listener installed on the page. Whilst this could allow an attacker to execute JavaScript in the context of the www.hackerone.com...
Starbucks: Reflected DOM XSS on www.starbucks.co.uk
Summary: www.starbucks.co.uk is vulnerable to reflected DOM XSS due to 2 seemingly unexploitable issues. The first issue is unfixed for over a year now, 252908, the second issue originates in a 3rd party module called prettyPhoto. Description: Visiting the following link results in a JavaScript...
Fedora Update for python-XStatic-jquery-ui FEDORA-2018-2d2179e7d0
The remote host is missing an update for the...
Fedora Update for python-XStatic-jquery-ui FEDORA-2018-f972c1b36e
The remote host is missing an update for the...
[SECURITY] Fedora 27 Update: python-XStatic-jquery-ui-1.12.0.1-2.fc27
JavaScript library packaged for setuptools (easy_install) / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata, nor has any extra requirements...
[R2] SecurityCenter 5.7.0 Fixes Multiple Vulnerabilities
SecurityCenter leverages third-party software to help provide underlying functionality. Two separate third-party components (PHP and jQuery) were found to contain vulnerabilities, and updated versions have been made available by the providers...
GHSA-G8Q2-24JH-5HPC High severity vulnerability that affects jquery-ui
Withdrawn, accidental duplicate publish. Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...
High severity vulnerability that affects jquery-ui
Withdrawn, accidental duplicate publish. Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...
Seeker - Find GeoLocation With High Accuracy
Seeker utilizes HTML5, Javascript, JQuery and PHP to grab Device Information and GeoLocation with High Accuracy. Other tools and services offer IP Geolocation, which is not very accurate and does not give the location of the user. Generally, if a user accepts location permission, Accuracy of the informati...
GHSA-6CWV-X26C-W2Q4 Jupyter Notebook file bypasses sanitization, executes JavaScript
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Jupyter Notebook file bypasses sanitization, executes JavaScript
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Security Bulletin: IBM Security Guardium Big Data Intelligence (SonarG) is affected by a Using Components with Known Vulnerabilities vulnerability
Summary IBM Security Guardium Big Data Intelligence SonarG has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2016-7103 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the dialog function. A remote...
jQuery cross-site scripting vulnerability (CNVD-2018-14534)
jQuery is an open source, cross-browser JavaScript library developed by American programmer John Resig. The library simplifies operations between HTML and JavaScript, and has modular, plug-in extension and other features. A cross-site scripting vulnerability exists in jQuery...
jQuery cross-site scripting vulnerability (CNVD-2018-14354)
jQuery is an open source, cross-browser JavaScript library developed by American programmer John Resig. The library simplifies operations between HTML and JavaScript, and has modular, plug-in extension and other features. A cross-site scripting vulnerability exists in jQuery...
Cross-site Scripting (XSS)
drupal/drupal is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the inclusion of a vulnerable jQuery version, which allows requests to untrusted domains through AJAX, allowing XSS to occur...
CVE-2017-16204
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...
AZL-43792 CVE-2017-16137 affecting package js-jquery 3.5.0-4
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...
AZL-44400 CVE-2017-16137 affecting package js-jquery 3.5.0-4
The debug module is vulnerable to regular expression denial of service when untrusted user input is passed into the o formatter. It takes around 50k characters to block for 2 seconds making this a low severity issue...