2424 matches found
CVE-2014-6071
CVE-2014-6071 affects jQuery 1.4.2, where the vulnerability is an XSS in the web page generation path caused by improper handling of the text() method inside after. The connected documents confirm the affected product/component and the root cause (XSS via text() in after) and reference explicit m...
Fedora 27 : mrbs (2017-f93ebc905e)
Changes since MRBS 1.6.1 : - Fixed a number of security issues in MRBS that were disclosed to the project by SySS GmbH, including XSS, CSRF protection and session fixation. - Improved behaviour of browser caching in MRBS. - Improved localisation, especially the use of colons in labels. - Added ne...
Cross-Site Scripting (XSS)
jquery-migrate is vulnerable to cross-site scripting (XSS). The vulnerability exists due to an incomplete fix which sanitized the string of XSS before it was trimmed. As a result, this allows scripts made after a space or that have a leading-hash to be executed...
Fedora 25 : mrbs (2017-b5bcfedf10)
Changes since MRBS 1.6.1 : - Fixed a number of security issues in MRBS that were disclosed to the project by SySS GmbH, including XSS, CSRF protection and session fixation. - Improved behaviour of browser caching in MRBS. - Improved localisation, especially the use of colons in labels. - Added ne...
JQuery Update to the latest version
Definition: jQuery is currently at version 1.7.2, which contains 1 medium security vulnerability. Suggestion: update to a jQuery version that does not have a vulnerability threat...
Fedora Update for python-XStatic-jquery-ui FEDORA-2017-1bf5a0ce01
The remote host is missing an update for the...
Fedora Update for python-XStatic-jquery-ui FEDORA-2017-e2d17af41e
The remote host is missing an update for the...
[SECURITY] Fedora 26 Update: python-XStatic-jquery-ui-1.12.0.1-2.fc26
JavaScript library packaged for setuptools (easy_install) / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements...
jqueryFileTree directory traversal vulnerability
jqueryFileTree is a configurable AJAX file browser plugin for jQuery. A directory traversal vulnerability exists in jqueryFileTree 2.1.5 and earlier versions. No vulnerability details are provided at this time...
I, Librarian Catalog Enumeration Vulnerability
Scilico I, Librarian is an online PDF document management system from the US company Scilico. A security vulnerability exists in the jqueryFileTree.php file in Scilico I, Librarian versions 4.6 and earlier and 4.7. An attacker can exploit the vulnerability to enumerate directories...
WordPress Cartogiraffe Map 1.0 Cross Site Scripting
Class: Input Validation Error. Remote: Yes. Credit: Ricardo Sanchez. Vulnerable: Cartogiraffe Map Plugin 1.0. Cartogiraffe Map Plugin is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
jQuery Official Blog Hacked — Stay Calm, Library is Safe!
The official blog of jQuery, the most popular JavaScript library used by millions of websites, has been hacked by some unknown hackers, using the pseudonyms "str0ng" and "n3tr1x." jQuery's blog website blog.jquery.com runs on WordPress, the world's most popular content management system (CMS) used by...
FS Crowdfunding Script SQL Injection Vulnerability
Exploit for php platform in category web applications. Exploit Title: FS Crowdfunding Script - 'id' SQL Injection; Date: 2017-10-24; Exploit Author: 8bitsec; Vendor Homepage: https://fortunescripts.com/; Software Link: https://fortunescripts.com/product/crowdfunding-script/; Version: 24 October 17; Test...
Cross-site Scripting in jquery-ui
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
GHSA-WCM2-9C89-WMFM Cross-site Scripting in jquery-ui
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
GHSA-QQXP-XP9V-VVX6 jquery-ui Tooltip widget vulnerable to XSS
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
jquery-ui Tooltip widget vulnerable to XSS
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
GHSA-4WHC-PP4X-9PF3 jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...