jQuery vulnerability with untrusted domains.
More info at https://www.drupal.org/SA-CORE-2018-001...
PT-2018-17806 · WordPress · Bookly
Name of the Vulnerable Software and Affected Versions: Bookly 1 WordPress Booking Plugin Lite versions prior to 14.5. Description: The issue concerns a cross-site scripting (XSS) flaw. It is triggered by a jQuery.ajax request to the ng-payment details dialog.js file. Recommendations: For Bookly 1...
JQuery Detection
Nessus was able to detect JQuery on the remote host. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid106658; scriptversion"1.8"; scriptsetattributeattribute:"pluginmodificationdate", value:"2024/02/08"; scriptnameenglish:"JQuery Detection"; scriptsummaryenglish:"Detec...
JQuery 1.x < 1.12.0 / 2.x < 2.2.0 XSS
The version of JQuery library hosted on the remote web server is 1.x prior to 1.12.0 or 2.x prior to 2.2.0. It is, therefore, affected by a cross site scripting vulnerability when using location.host to select elements. C Tenable Network Security, Inc. include"compat.inc"; if description...
JQuery 1.6.x < 1.6.3 XSS
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is 1.6.x prior to 1.6.3. It is, therefore, affected by a cross site scripting vulnerability when using location.hash to select elements. C Tenable Network Security, Inc. include'compat.inc'...
jquery-docs.ru XSS vulnerability
Open Bug Bounty ID: OBB-550249. Affected Website: jquery-docs.ru. Vulnerable Application: Custom Code. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3 Score: 6.1...
jQuery Denial of Service Vulnerability
jQuery is an open-source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies the interaction between HTML and JavaScript, and has a modular design, plug-in extensions and other features. A denial of service vulnerability exists in versions of...
jQuery cross-site scripting vulnerability (CNVD-2018-02374)
jQuery is an open-source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies the interaction between HTML and JavaScript, and has a modular design, plug-in extensions and other features. A cross-site scripting vulnerability exists in versions of...
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
New Admin Username: Password: Confirm Password: Email: $"ekleabi".live'click',function $.ajax type: "POST", url: "http://ronnieswietek.com/cc/clients/resources/ajax/ajaxnewadmin.php", data: username:$".efe username".val, password1:$".efe password1".val, password2:$".efe password2".val, email:$".e...
Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
Photography CMS 1.0 - Cross-Site Request Forgery Add Admin New Admin Username: Password: Confirm Password: Email: $"ekleabi".live'click',function $.ajax type: "POST", url: "http://ronnieswietek.com/cc/clients/resources/ajax/ajaxnewadmin.php", data: username:$".efe username".val, password1:$".efe...
jQuery cross-site scripting vulnerability (CNVD-2018-02375)
jQuery is an open-source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies the interaction between HTML and JavaScript, and has a modular design, plug-in extensions and other features. A cross-site scripting vulnerability exists in versions of...
org.webjars.npm:addel (=1.3.1), org.webjars.npm:angular-chosen-localytics (=1.4.0) +36 more potentially affected by CVE-2016-10707 via org.webjars.npm:jquery (=3.0.0-rc1)
org.webjars.npm:jquery MAVEN version =3.0.0-rc1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jquery and may be impacted: - org.webjars.npm:addel =1.3.1 - org.webjars.npm:angular-chosen-localytics =1.4.0 -...
GHSA-MHPP-875W-9CPV Denial of Service in jquery
Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition. Recommendation Upda...
org.webjars.npm:github-com-jasonday-printThis (=1.9.0), org.webjars.npm:github-com-manifestinteractive-jqvmap (=1.5.1) +3 more potentially affected by CVE-2015-9251 via org.webjars.npm:jquery (>=1.11.3 <=1.12.1)
org.webjars.npm:jquery MAVEN version =1.11.3, =1.12.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jquery and may be impacted: - org.webjars.npm:github-com-jasonday-printThis =1.9.0 -...
000demo (>=1.0.0 <=1.1.0), 03-npm-abc (>=1.0.0 <=1.1.0) +5129 more potentially affected by CVE-2015-9251 via jquery (>=1.12.3 <=2.2.4)
jquery NPM version =1.12.3, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.2.1, =0.1.75, =0.3.0, =1.0.0, =4.13.7-rc4, =0.65.0, =0.17.0, =0.24.2 and more Source cves: CVE-2015-9251 Source advisory: OSV:GHSA-RMXG-73GG-4P98...
com.novocode:ornate_2.11 (>=0.3 <=0.5), com.novocode:ornate_2.12 (=0.6) +66 more potentially affected by CVE-2015-9251 via org.webjars.npm:jquery (>=1.12.3 <=3.0.0-rc1)
org.webjars.npm:jquery MAVEN version =1.12.3, =0.3, =0.2.0, =2.0.9, =1.0.4, =1.3.2, =5.0.3, =5.1.3 and more Source cves: CVE-2015-9251 Source advisory: OSV:GHSA-RMXG-73GG-4P98...
0624zmj (=1.0.0), 192.168.0.172 (=4.6.1) +323 more potentially affected by CVE-2015-9251 via jquery (>=1.11.0 <=1.12.1)
jquery NPM version =1.11.0, =0.0.3, =0.0.6, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.2 and more Source cves: CVE-2015-9251 Source advisory: OSV:GHSA-RMXG-73GG-4P98...
Cross-Site Scripting (XSS) in jquery
Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn't contain the dataType option. Recommendation Update to version 3.0.0 or later...
Cross-Site Scripting (XSS) in jquery
Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn't contain the dataType option...
CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...