CVE-2025-28861 WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through = 0.1.0...

CVE-2025-28861

CVE-2025-28861 is a CSRF-to-stored XSS vulnerability in the WordPress plugin WP jQuery Persian Datepicker (versions

CVE-2025-28861 WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through = 0.1.0...

Moderate: Red Hat Security Advisory: pki-core security update

An update for pki-core is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

Malicious code in alexpavlov--jquery-suggestable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6f4773aee85f3d282a89ee413b5af4e93365981f67b821882709daf1d3cc6eac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in jquery-suggestable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74d4c0f43329dfb6b2d28c85a573a431135a5605521a110c3867f8f3df909cc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2178 Malicious code in jquery-suggestable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 74d4c0f43329dfb6b2d28c85a573a431135a5605521a110c3867f8f3df909cc8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Linux Distros Unpatched Vulnerability : CVE-2020-7656

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove HTML tags that contain a whitespace...

Linux Distros Unpatched Vulnerability : CVE-2021-32850

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color...

Linux Distros Unpatched Vulnerability : CVE-2021-41182

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from...

Linux Distros Unpatched Vulnerability : CVE-2021-41184

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position util from untrusted...

Linux Distros Unpatched Vulnerability : CVE-2021-41183

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from...

Linux Distros Unpatched Vulnerability : CVE-2019-11358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an...

Linux Distros Unpatched Vulnerability : CVE-2012-6708

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable...

Linux Distros Unpatched Vulnerability : CVE-2012-6662

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote...

Linux Distros Unpatched Vulnerability : CVE-2020-11023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one ...

Linux Distros Unpatched Vulnerability : CVE-2021-21252

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package jquery-validation. jquery-validation before...

Linux Distros Unpatched Vulnerability : CVE-2020-11022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM...

Linux Distros Unpatched Vulnerability : CVE-2015-9251

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing...