
2424 matches found

OSV
added 2018/01/18 11:29 p.m., 3 views

AZL-43897 CVE-2012-6708 affecting package python-httplib2 0.20.3-3

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...

CVSS 6.1, AI score 6.6, EPSS 0.00902
Exploits: 6, References: 1
Cvelist
added 2018/01/18 11:00 p.m., 18 views

CVE-2016-10707

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit...

AI score 7.5, EPSS 0.00533
Exploits: 1, References: 3
Cvelist
added 2018/01/18 11:00 p.m., 122 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

AI score 6.8, EPSS 0.18007
Exploits: 2, References: 38
CVE
added 2018/01/18 11:00 p.m., 996 views

CVE-2012-6708

CVE-2012-6708 concerns jQuery. In versions before 1.9.0, the library’s jQuery(strInput) would treat inputs containing the character ‘<’ as HTML payloads, conflating HTML with selectors and enabling XSS via crafted strings. The underlying issue was that any input containing ‘<’ could be misi...

CVSS 6.1, AI score 5.8, EPSS 0.00902
Exploits: 6, References: 11, Affected Software: 1
Debian CVE
added 2018/01/18 11:00 p.m., 89 views

CVE-2012-6708

Removed by vendor...

CVSS 6.1, AI score 6.7, EPSS 0.00902
Exploits: 6
Cvelist
added 2018/01/18 11:00 p.m., 67 views

CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...

AI score 6.1, EPSS 0.00902
Exploits: 6, References: 11
Debian CVE
added 2018/01/18 11:00 p.m., 20 views

CVE-2016-10707

Removed by vendor...

CVSS 7.5, AI score 7, EPSS 0.00533
Exploits: 1
CVE
added 2018/01/18 11:00 p.m., 413 views

CVE-2016-10707

The connected IBM CP4S security bulletin documents CVE-2016-10707 affecting jQuery 3.0.0-rc.1, describing a DoS via infinite recursion when attribute getters use mixed-case booleans. The CP4S advisory lists CP4S versions affected (1.8.1.0, 1.8.0.0, 1.7.2.0) and instructs upgrading to CP4S 1.9.0.0...

CVSS 7.5, AI score 7.3, EPSS 0.00533
Exploits: 1, References: 3, Affected Software: 1
Debian CVE
added 2018/01/18 11:00 p.m., 68 views

CVE-2015-9251

Removed by vendor...

CVSS 6.1, AI score 6.9, EPSS 0.18007
Exploits: 2
AlpineLinux
added 2018/01/18 11:00 p.m., 47 views

CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...

CVSS 6.1, AI score 6.2, EPSS 0.00902
Exploits: 6
AlpineLinux
added 2018/01/18 11:00 p.m., 115 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

CVSS 6.1, AI score 7, EPSS 0.18007
Exploits: 2
CVE
added 2018/01/18 11:00 p.m., 2683 views

CVE-2015-9251

CVE-2015-9251 affects jQuery before 3.0.0, enabling XSS when a cross-domain Ajax request omits the dataType option and text/javascript responses are executed. Connected advisories confirm the issue and indicate an upgrade resolves it; remediation is to upgrade jQuery to a fixed version as provide...

CVSS 6.1, AI score 6.3, EPSS 0.18007
Exploits: 2, References: 38, Affected Software: 1
CNVD
added 2018/01/18 12:00 a.m., 3 views

jQuery cross-site scripting vulnerability (CNVD-2018-02373)

jQuery is an open source, cross-browser JavaScript library developed by the American programmer John Resig. The library simplifies operations between HTML and JavaScript, and has modular, plug-in extension and other features. A cross-site scripting vulnerability exists in jQuery...

CVSS 6.1, AI score 6.3, EPSS 0.00939
Exploits: 0, References: 1
RubySec
added 2018/01/18 12:00 a.m., 18 views

Denial of Service in jquery

Affected versions of jquery use a lowercasing logic on attribute names. When given a boolean attribute with a name that contains uppercase characters, jquery enters into an infinite recursion loop, exceeding the call stack limit, and resulting in a denial of service condition. Recommendation Upda...

CVSS 7.5, AI score 6.8, EPSS 0.00533
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2018/01/18 12:00 a.m., 5 views

PT-2018-4879 · Jquery · Jquery

Name of the Vulnerable Software and Affected Versions: jquery versions 3.0.0-rc.1 Description: The issue arises due to the removal of logic that lowercased attribute names, leading to an infinite recursion when attribute getters use mixed-cased names for boolean attributes. This results in...

CVSS 7.5, AI score 6.5, EPSS 0.00533
Exploits: 1, References: 12
ATTACKERKB
added 2018/01/18 12:00 a.m., 88 views

CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. Recent assessments: ze3ter at July 13, 2021 1:47pm UTC reported: Assessed Attacker Value: 3 Assessed...

CVSS 6.1, AI score 2.1, EPSS 0.18007
Exploits: 2, References: 39
NVD
added 2018/01/16 7:29 p.m., 14 views

CVE-2014-6071

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after...

CVSS 6.1, AI score 6.1, EPSS 0.00939
Exploits: 0, References: 3
Prion
added 2018/01/16 7:29 p.m., 17 views

Cross site scripting

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after...

CVSS 4.3, AI score 6.1, EPSS 0.00939
Exploits: 0, References: 3, Affected Software: 1
UbuntuCve
added 2018/01/16 7:29 p.m., 24 views

CVE-2014-6071

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after...

CVSS 6.1, AI score 6.7, EPSS 0.00939
Exploits: 0, References: 1
Debian CVE
added 2018/01/16 7:00 p.m., 15 views

CVE-2014-6071

Removed by vendor...

CVSS 6.1, AI score 6.7, EPSS 0.00939
Exploits: 0