2405 matches found

Tenable Nessus
added 2024/11/14 12:0 a.m. | 12 views

Fedora 37 : js-jquery-ui (2022-7291b78111)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-7291b78111 advisory. A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting (XSS) attack via the initializatio...

CVSS 6.1 | AI score 7.1 | EPSS 0.07763
Exploits: 1 | References: 2

Tenable Nessus
added 2024/11/14 12:0 a.m. | 4 views

jQuery < 1.9.0 Cross-Site Scripting

According to its self-reported version number, jQuery is prior to 1.9.0. Therefore, it may be affected by a cross-site scripting vulnerability because the load method fails to recognize and remove "" HTML tags that contain a whitespace character. Note that the scanner has not tested for these...

CVSS 6.1 | AI score 6.4 | EPSS 0.00889
Exploits: 4 | References: 2

IBM Security Bulletins
added 2024/11/11 11:31 a.m. | 37 views

Security Bulletin: Vulnerabilities Addressed in IBM Tivoli Network Manager IP Edition (ITNM) version 4.2 Fix Pack 20 (4.2.0.20)

Summary: Multiple vulnerabilities were addressed in ITNM version 4.2 Fix Pack 20 (4.2.0.20). Vulnerability Details: CVEID: CVE-2024-23944. DESCRIPTION: Apache ZooKeeper could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in persistent watchers handling. By...

CVSS 7.5 | AI score 9.6 | EPSS 0.3466
Exploits: 21 | Affected Software: 1

OSV
added 2024/11/08 5:15 a.m. | 1 views

AZL-52548 CVE-2024-21538 affecting package js-jquery 3.5.0-4

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

CVSS 8.7 | AI score 6.7 | EPSS 0.00067
Exploits: 0 | References: 1

OSV
added 2024/11/08 5:15 a.m. | 2 views

AZL-52587 CVE-2024-21538 affecting package js-jquery 3.5.0-4

Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well crafted string...

CVSS 8.7 | AI score 6.7 | EPSS 0.00067
Exploits: 0 | References: 1

Tenable Nessus
added 2024/11/04 12:0 a.m. | 11 views

RHEL 7 : python-XStatic-jquery-ui (RHSA-2017:0161)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:0161 advisory. jQuery UI is a set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript library. Security Fixes: It was...

CVSS 6.1 | AI score 6.4 | EPSS 0.01778
Exploits: 1 | References: 6

Tenable Nessus
added 2024/10/25 12:0 a.m. | 21 views

JQuery UI 1.13.1 XSS

The version of JQuery UI library hosted on the remote web server is prior to 1.13.1. It is, therefore, affected by a cross-site scripting vulnerability in the JQuery UI that allows remote attackers to obtain sensitive information and execute arbitrary code by injecting a crafted payload into the...

CVSS 7.1 | AI score 6.2 | EPSS 0.19752
Exploits: 0 | References: 2

SUSE CVE
added 2024/10/22 3:6 a.m. | 1 views

SUSE CVE-2024-30875

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, a...

CVSS 7.1 | AI score 6.8 | EPSS 0.19752
Exploits: 0 | References: 3

RedhatCVE
added 2024/10/17 10:37 p.m. | 14 views

CVE-2024-30875

A Cross-site scripting (XSS) vulnerability was found in the jquery-ui library. If a user visits a malicious website, a remote attacker may be able to obtain sensitive information and execute arbitrary code via a specially crafted payload to the window.addEventListener component. Mitigation Mitigati...

CVSS 6.1 | AI score 6.8 | EPSS 0.19752
Exploits: 0 | References: 4

NVD
added 2024/10/17 10:15 p.m. | 13 views

CVE-2024-30875

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, a...

CVSS 7.1 | EPSS 0.19752
Exploits: 0 | References: 1

OSV
added 2024/10/17 10:15 p.m. | 11 views

CVE-2024-30875

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component...

CVSS 7.1 | AI score 6.8 | EPSS 0.19752
Exploits: 0 | References: 2

CNNVD
added 2024/10/17 12:0 a.m. | 1 views

jQuery UI Security Vulnerability

jQuery UI is a jQuery open source set of carefully curated user interface interactions, effects, widgets and themes built on jQuery. A security vulnerability exists in jQuery UI version v.1.13.1, which stems from the presence of a cross-site scripting vulnerability that allows remote attackers to...

CVSS 7.1 | AI score 6.5 | EPSS 0.19752
Exploits: 0 | References: 4

Vulnrichment
added 2024/10/17 12:0 a.m. | 10 views

CVE-2024-30875

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, a...

AI score 6.9 | EPSS 0.19752
Exploits: 0 | References: 1

Debian CVE
added 2024/10/17 12:0 a.m. | 7 views

CVE-2024-30875

Removed by vendor...

CVSS 7.1 | AI score 6.3 | EPSS 0.19752
Exploits: 0

CVE
added 2024/10/17 12:0 a.m. | 55 views

CVE-2024-30875

CVE-2024-30875 affects jquery-ui v1.13.1 with a Cross-Site Scripting (XSS) vulnerability via the window.addEventListener component. IBM’s bulletin confirms the issue and lists affected IBM Robotic Process Automation products, with remediation paths to update to 21.0.7.19+ or 23.0.20+ (Cloud Pak a...

CVSS 7.1 | AI score 6.9 | EPSS 0.19752
Exploits: 0 | References: 1

Tenable Nessus
added 2024/10/17 12:0 a.m. | 26 views

Oracle WebCenter Portal (October 2024 CPU)

The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Security Framework jQuery. The supported...

CVSS 6.9 | AI score 6.9 | EPSS 0.3466
Exploits: 11 | References: 4

Cvelist
added 2024/10/17 12:0 a.m. | 207 views

CVE-2024-30875

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, a...

EPSS 0.19752
Exploits: 0 | References: 1

Tenable Nessus
added 2024/10/09 12:0 a.m. | 30 views

CentOS 7 : pcs (RHSA-2022:7343)

The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7343 advisory. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. ...

CVSS 10 | AI score 7.1 | EPSS 0.3466
Exploits: 9 | References: 4

Tenable Nessus
added 2024/10/09 12:0 a.m. | 16 views

CentOS 7 : ipa (RHSA-2021:0860)

The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0860 advisory. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to on...

CVSS 6.9 | AI score 6.9 | EPSS 0.3466
Exploits: 6 | References: 2

OSV
added 2024/10/04 8:15 p.m. | 1 views

AZL-50073 CVE-2024-47764 affecting package js-jquery 3.5.0-4

cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...

CVSS 6.9 | AI score 6.7 | EPSS 0.00205
Exploits: 0 | References: 1