Lucene search
K

132 matches found

Debian CVE
Debian CVE
added 2021/10/26 12:0 a.m.52 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.5CVSS5.8AI score0.42229EPSS
Exploits1
AlpineLinux
AlpineLinux
added 2021/10/26 12:0 a.m.53 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.5CVSS6.7AI score0.07948EPSS
Exploits1
RubySec
RubySec
added 2021/10/26 12:0 a.m.17 views

XSS in the `altField` option of the Datepicker widget in jquery-ui

Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed i...

6.5CVSS6.8AI score0.42229EPSS
Exploits1References1Affected Software1
RubySec
RubySec
added 2021/10/26 12:0 a.m.21 views

XSS in `*Text` options of the Datepicker widget in jquery-ui

Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing'closeText XSS'",...

6.5CVSS6.8AI score0.07948EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2021/10/26 12:0 a.m.53 views

CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

6.5CVSS6.6AI score0.42229EPSS
Exploits1
CNVD
CNVD
added 2021/02/28 12:0 a.m.8 views

Triconsole Datepicker Calendar Cross-Site Scripting Vulnerability

Triconsole Datepicker Calendar is a Triconsole open source application. Provides a calendar component . A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...

6.1CVSS6.1AI score0.06196EPSS
Exploits3References1
OSV
OSV
added 2021/02/25 4:15 p.m.3 views

CVE-2021-27330

Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting XSS in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...

6.1CVSS6.3AI score0.06196EPSS
Exploits3References4
NVD
NVD
added 2021/02/25 4:15 p.m.21 views

CVE-2021-27330

Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting XSS in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...

6.1CVSS0.06196EPSS
Exploits3References4
Prion
Prion
added 2021/02/25 4:15 p.m.18 views

Cross site scripting

Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting XSS in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...

4.3CVSS6AI score0.06196EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2021/02/25 3:11 p.m.75 views

CVE-2021-27330

The CVE-2021-27330 entry describes a cross-site scripting (XSS) vulnerability in Triconsole Datepicker Calendar versions before 3.77, arising from insufficient validation in calendar_form.php. Exploitation could allow an attacker to read active authentication cookies, enabling potential session h...

6.1CVSS6AI score0.06196EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2021/02/25 3:11 p.m.26 views

CVE-2021-27330

Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting XSS in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...

6.3AI score0.06196EPSS
Exploits3References4
CNNVD
CNNVD
added 2021/02/25 12:0 a.m.8 views

Triconsole Datepicker Calendar 跨站脚本漏洞

Triconsole Datepicker Calendar is a Triconsole open source application. Provides a calendar component . A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...

6.1CVSS6.2AI score0.06196EPSS
Exploits3References6
Github Security Blog
Github Security Blog
added 2020/09/11 9:23 p.m.32 views

Malicious Package in react-datepicker-plus

Versions 2.4.3 and 2.4.2 of react-datepicker-plus contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...

4.4AI score
Exploits0References2Affected Software1
OSV
OSV
added 2020/09/11 9:23 p.m.11 views

GHSA-4WCX-C9C4-89P2 Malicious Package in react-datepicker-plus

Versions 2.4.3 and 2.4.2 of react-datepicker-plus contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...

9.8CVSS7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2020/04/27 12:0 a.m.15 views

Contact Form 7 Datepicker Plugin for WordPress Cross-Site Scripting

The WordPress Contact Form 7 Datepicker Plugin installed on the remote host is affected by a stored cross-site scripting XSS vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

5.4CVSS6.1AI score0.00712EPSS
Exploits2References3
CNVD
CNVD
added 2020/04/08 12:0 a.m.4 views

WordPress Contact Form 7 Datepicker Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Contact Form 7 Datepicker is a datepicker plugin used in it. A cross-site scripting vulnerability exists in WordPress Contact Form 7...

5.4CVSS6.2AI score0.00712EPSS
Exploits2
OSV
OSV
added 2020/04/07 5:15 p.m.4 views

CVE-2020-11516

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...

5.4CVSS6.1AI score0.00712EPSS
Exploits2References1
NVD
NVD
added 2020/04/07 5:15 p.m.26 views

CVE-2020-11516

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...

5.4CVSS5.3AI score0.00712EPSS
Exploits2References1
Prion
Prion
added 2020/04/07 5:15 p.m.19 views

Cross site scripting

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...

3.5CVSS5.2AI score0.00712EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2020/04/07 4:55 p.m.85 views

CVE-2020-11516

The CVE-2020-11516 entry refers to a stored XSS in the WordPress plugin “Contact Form 7 Datepicker” up to version 2.6.0. The vulnerability arises from saving settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter, enabling an authenticated user with minima...

5.4CVSS5.2AI score0.00712EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder