2424 matches found
CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Recent assessments: djsubstance at February 24, 2021 8:16pm UTC reported: PoC: XSS in closeText option of...
PT-2017-4095 · Jquery +5 · Jquery Ui +5
Name of the Vulnerable Software and Affected Versions: jQuery UI versions prior to 1.12.0. Description: The issue is related to a cross-site scripting (XSS) vulnerability in jQuery UI. This vulnerability might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter ...
CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...
Nextcloud: DOM XSS vulnerability in search dialogue (NC-SA-2017-007)
DOM XSS vulnerability in search dialogue (NC-SA-2017-007). Risk level: Low. CVSS v3 Base Score: 2.6 (AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N). CWE: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79). Description: Inadequate escaping led to XSS vulnerability in the searc...
Gratipay: Inadequate/dangerous jQuery behavior
Every text/javascript response gets executed. JQuery 1.10.2 is vulnerable and executes response received. https://assets.gratipay.com/jquery.min.js?etag=YoBy5yEtsejNrLIrIXUs2g https://github.com/jquery/jquery/issues/2432...
HackerOne: Stealing contact form data on www.hackerone.com using Marketo Forms XSS with postMessage frame-jumping and jQuery-JSONP
Hi, I just discovered that there's a scenario where the Marketo Forms solution being used on www.hackerone.com can actually be abused, using a few fun techniques, to trigger an XSS in the Cross-Origin-iframe being used by Marketo. This results in eavesdropping of the data being sent in the...
Javo Spot Premium Theme - Unauthenticated Directory Traversal
Print out any file in the via an unauthenticated AJAX request. PoC /wp-admin/admin-ajax.php? jvfrmspotgetjson=../../wp-config.php=jQuery...
jQuery Mobile redirect XSS vulnerability
TL;DR - Any website that uses jQuery Mobile and has an open redirect is now vulnerable to XSS - and there's nothing you can do about it, there's not even patch ¯\_(ツ)_/¯. jQuery Mobile is a cool jQuery UI system that makes building mobile apps easier. It does some part of what other frameworks like...
Tenable SecurityCenter < 5.4.1 Multiple Vulnerabilities (TNS-2016-19)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is prior to 5.4.1. It is, therefore, affected by multiple vulnerabilities : - A denial of service vulnerability exists in x509vfy.c due to improper handling of certificate revocation lists...
jquery-ui: cross-site scripting in dialog closeText
It was found that a parameter of the dialog box feature of jQuery UI was vulnerable to cross site scripting. An attacker could use this flaw to execute a malicious script via the dialog box when it was displayed to a user...
Low: Red Hat Security Advisory: python-XStatic-jquery-ui security update
An update for python-XStatic-jquery-ui is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
Cross-site Scripting (XSS)
jquery-migrate is vulnerable to Cross-site Scripting (XSS). jquery-migrate uses code similar to $location.hash to select an ID value encoded on the page. However, an attacker can create a cross-site scripting injection by using a string similar to and run code to steal user data...
Cross-site Scripting (XSS)
jquery-mobile is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because it decodes the username:password of location.href in the URL without encoding them first...
Fedora 24 : js-jquery (2016-8516b7d6fb)
Update to 2.2.4 with backport for XSS vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
Fedora Update for js-jquery FEDORA-2016-8516b7d6fb
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 25 Update: js-jquery1-1.12.4-2.fc25
jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility,...
Fedora 25 : js-jquery (2016-3368a38282)
Update to 2.2.4 with backport for XSS vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issue...
Fedora Update for js-jquery FEDORA-2016-3368a38282
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 25 Update: js-jquery-2.2.4-1.fc25
jQuery is a fast, small, and feature-rich JavaScript library. It makes things like HTML document traversal and manipulation, event handling, animation, and Ajax much simpler with an easy-to-use API that works across a multitude of browsers. With a combination of versatility and extensibility,...