2424 matches found
CVE-2017-16204
The jquey module exfiltrates sensitive data such as a user's private SSH key and bash history to a third party server during installation...
AZL-44547 CVE-2017-16042 affecting package js-jquery 3.5.0-4
Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution...
AZL-44502 CVE-2016-10540 affecting package js-jquery 3.5.0-4
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects. The primary function, minimatch(path, pattern), in Minimatch 3.0.1 and earlier is vulnerable to ReDoS in the pattern parameter...
Valve: Stored XSS @ https://steamcommunity.com/search/users/#text= via Profile Name
Dear Valve security staff, Short description: There is a stored cross-site scripting vulnerability present at the user search endpoint which can be exploited by modifying the profile name of the would-be attacking account. See POC picture. Steps to reproduce: ...
jquery-docs.ru XSS vulnerability
Open Bug Bounty ID: OBB-603948. Affected Website: jquery-docs.ru. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
CVE-2018-1325
In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...
Code injection
In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...
CVE-2018-1325
CVE-2018-1325 affects the Wicket-JQuery-UI integration. In versions ≤ 6.29.0, ≤ 7.10.1, and ≤ 8.0.0-M9.1, JavaScript code created in the WYSIWYG editor can be executed on display, enabling cross-site scripting (XSS) as described in multiple sources. The connected documents corroborate an XSS risk...
Cross-Site Scripting (XSS)
liquibase-core is vulnerable to cross-site scripting (XSS) attacks. The attacks are possible because it employs the vulnerable version of jquery in liquibase-core/src/main/resources/liquibase/sdk/watch/js/jquery-1.11.0.min.js. This vulnerability is related to SID-6097...
Cross-Site Scripting (XSS)
jQuery is susceptible to cross-site scripting (XSS) attacks. It is vulnerable because it immediately executes the event handlers or scripts passed to parseHTML.js, allowing the malicious user to inject arbitrary HTML or script through it...
Updated jupyter-notebook packages fix security vulnerability
CVE-2018-8768: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Wicket jQuery UI WYSIWYG Editor Vulnerability
Wicket jQuery UI is an API that provides all the jQuery UI integration. WYSIWYG editor is one of the editors. A security vulnerability exists in the WYSIWYG editor in Wicket jQuery UI versions 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier. An attacker can exploit the...
CVE-2018-8768
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
PYSEC-2018-57
In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Jupyter Notebook -- vulnerability
MITRE reports: In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous...
Vulnerable javascript library: jQuery
Good morning. It has been brought to my attention that the jQuery library has a vulnerability. In jQuery versions before 1.9.0b1, a selector is interpreted as HTML. This could lead to potential vulnerabilities: https://bugs.jquery.com/ticket/11290. Solution: jQuery version 1.9.0b1 has been released to addres...
js-jquery: XSS in responses from cross-origin ajax requests
REJECTED CVE This CVE has been rejected. This candidate is a duplicate of CVE-2015-9251. Note: All CVE users should reference CVE-2015-9251 instead of this candidate...