GHSA-GCGP-Q2JQ-FW52 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Summary: A self cross-site scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh. Details: The vulnerability occurs when...
Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System
Summary: Vulnerabilities were found in components packaged with Cloud Pak System: Beego, the Node.js follow-redirects module, Prototypejs, jQuery, Golang Go and the go/crypto module. These vulnerabilities have been addressed in Cloud Pak System V2.3.4.0 and IBM V2.3.5.0. Vulnerability Details...
MAL-2024-9054 Malicious code in jquery-ui-smoothness (npm)
Source: ghsa-malware cbde2167eb940c597861a429b583a7e45ac7225bee0da328cc03ddbbcb363beb. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ovirt-engine security update
4.4.10.7-1.0.33 - Fix external providers properties observability 4.4.10.7-1.0.32 - Upgrade bundled frontend dependency of jquery-ui 4.4.10.7-1.0.31 - Allow enrolling certificates in non-responsive state and Extend the lifetime of non-web certificates 4.4.10.7-1.0.30 - Fix network exception...
CVE-2024-8940
Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file through a POST request to /scriptcase/devel/lib/third/jqueryplugin/jQuery-File-Upload/server/php/. An attacker could upload malicious files to the server due to the application not properly...
PT-2024-39325 · Unknown · Scriptcase
Name of the Vulnerable Software and Affected Versions: Scriptcase version 9.4.019. Description: The issue involves the arbitrary upload of a file through a POST request to "/scriptcase/devel/lib/third/jquery plugin/jQuery-File-Upload/server/php/". An attacker could upload malicious files to the serve...
RHSA-2020:5581 Red Hat Security Advisory: python-XStatic-jQuery security update
Bulletin has no description...
RHSA-2020:1325 Red Hat Security Advisory: python-XStatic-jQuery security update
Bulletin has no description...
RHSA-2017:0161 Red Hat Security Advisory: python-XStatic-jquery-ui security update
Bulletin has no description...
RHSA-2016:2933 Red Hat Security Advisory: python-XStatic-jquery-ui security update
Bulletin has no description...
RHSA-2016:2932 Red Hat Security Advisory: python-XStatic-jquery-ui security update
Bulletin has no description...
CBL Mariner 2.0 Security Update: js-jquery (CVE-2019-20149)
The version of js-jquery installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-20149 advisory. - ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attribute...
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
...
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
...
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability to attackers who can control the beginning of a string, which is far less common.
...
AZL-49149 CVE-2024-45590 affecting package js-jquery 3.5.0-4
body-parser is Node.js body parsing middleware. body-parser before 1.20.3 is vulnerable to denial of service when URL encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...
AZL-49158 CVE-2024-45296 affecting package js-jquery 3.5.0-4
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event...
AZL-49103 CVE-2024-45296 affecting package js-jquery 3.5.0-4
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single-threaded and regex matching runs on the main thread, poor performance will block the event...
K000141005: jQuery vulnerability CVE-2020-7656
Security Advisory Description: jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e. "</script >", which results in the enclosed script logic being executed. CVE-2020-7656 Impact: There is no impact; F5 products are not affected by this...