CVE-2023-5430

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Malicious code in jquery.currencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e84dbc5236755b427f757bbfee2cc19e5bcaa36be99d85cbe488921ecc812f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2021-43862

jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting XSS vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code...

CVE-2021-37504

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

CVE-2021-20084

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype...

CVE-2021-20086

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype...

CVE-2021-20087

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype...

CVE-2021-24543

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue...

CVE-2020-26629

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server...

CVE-2020-6978

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...

CVE-2019-13488

A cross-site scripting XSS vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend method is used...

CVE-2019-1010113

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting XSS. The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a lin...

CVE-2015-9478

prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS...

CVE-2017-1000234

I, Librarian version =4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter...

CVE-2015-9500

The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js...

OPENSUSE-SU-2025:15117-1 ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media

These are all security issues fixed in the ruby3.4-rubygem-jquery-rails-4.6.0-1.7 package on the GA media of openSUSE Tumbleweed...

Security Bulletin: Vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform. Vulnerabilities include an attacker or a remote attacker could use or exploit these vulnerabilities to steal the victim's...

jquery: Cross-site scripting

A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the...

CVE-2025-3597

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free versi...

Alibaba Cloud Linux 3 : 0037: pki-core:10.6 (ALINUX3-SA-2021:0037)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0037 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-11023: In jQuery versions greater...