2 matches found
CVE-2016-10707
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service DoS due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit...
CVE-2010-4536
Multiple cross-site scripting XSS vulnerabilities in KSES, as used in WordPress before 3.0.4, allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the & ampersand character, 2 the case of an attribute name, 3 a padded entity, and 4 an entity that is not in...