2424 matches found
Design/Logic Flaw
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
CVE-2017-15719
CVE-2017-15719 describes a Cross-Site Scripting (XSS) flaw in the Wicket jQuery UI WYSIWYG editor. Affected versions are 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier. The issue allows an attacker to submit arbitrary JavaScript code to the WYSIWYG editor, enabling potential exec...
Cross site scripting
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...
CVE-2017-6929
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...
UBUNTU-CVE-2017-6929
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...
CVE-2017-6929
CVE-2017-6929 is a jQuery-based cross-site scripting vulnerability that affects Drupal’s Ajax requests to untrusted domains. Concrete details from connected documents: Drupal 8 was fixed in 8.4.0 via a core upgrade to jQuery 3; Drupal 7 was fixed in the current release (7.57) with jQuery 1.4.4 (t...
CVE-2017-6929
Removed by vendor...
Cross-site Scripting (XSS)
wicket-jquery-ui-plugins and wicket-kendo-ui are vulnerable to cross-site scripting (XSS) attacks. These attacks are possible because the WYSIWYG editor allows attackers to enter and execute arbitrary scripts...
FreeBSD : drupal -- Drupal Core - Multiple Vulnerabilities (57580fcc-1a61-11e8-97e0-00e04c1ea73d)
Drupal Security Team reports: CVE-2017-6926: Comment reply form allows access to restricted content; CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete; CVE-2017-6928: Private file access bypass - Moderately Critical; CVE-2017-6929: jQuery vulnerability with untrusted domains -...
Drupal cross-site scripting vulnerability (CNVD-2018-05185)
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. jQuery is one of the JavaScript libraries used in it. A cross-site scripting vulnerability exists in jQuery in Drupal versions 8 and 7. A remote attacker can exploit this vulnerability...
DRUPAL-CORE-2018-001
This security advisory fixes multiple vulnerabilities in both Drupal 7 and Drupal 8. See below for a list. Comment reply form allows access to restricted content - Critical - Drupal 8 - CVE-2017-6926 Users with permission to post comments are able to view content and comments they do not have...
jquery-docs.ru XSS vulnerability
Open Bug Bounty ID: OBB-564798

Description | Value
---|---
Affected Website: | jquery-docs.ru
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
drupal -- Drupal Core - Multiple Vulnerabilities
Drupal Security Team reports: CVE-2017-6926: Comment reply form allows access to restricted content; CVE-2017-6927: JavaScript cross-site scripting prevention is incomplete; CVE-2017-6928: Private file access bypass - Moderately Critical; CVE-2017-6929: jQuery vulnerability with untrusted domains -...
jQuery vulnerability with untrusted domains.
More info at https://www.drupal.org/SA-CORE-2018-001...