132 matches found
CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...
CVE-2021-41183
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...
XSS in the `altField` option of the Datepicker widget in jquery-ui
Impact Accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker altField: "", ; will call the doEvilThing function. Patches The issue is fixed i...
XSS in `*Text` options of the Datepicker widget in jquery-ui
Impact Accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. For example, initializing the datepicker in the following way: js $"datepicker".datepicker showButtonPanel: true, showOn: "both", closeText: "doEvilThing'closeText XSS'",...
CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...
Triconsole Datepicker Calendar Cross-Site Scripting Vulnerability
Triconsole Datepicker Calendar is a Triconsole open source application. Provides a calendar component . A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...
CVE-2021-27330
Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting XSS in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...
CVE-2021-27330
Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting XSS in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...
Cross site scripting
Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting XSS in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...
CVE-2021-27330
The CVE-2021-27330 entry describes a cross-site scripting (XSS) vulnerability in Triconsole Datepicker Calendar versions before 3.77, arising from insufficient validation in calendar_form.php. Exploitation could allow an attacker to read active authentication cookies, enabling potential session h...
CVE-2021-27330
Triconsole Datepicker Calendar 3.77 is affected by cross-site scripting XSS in calendarform.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents...
Triconsole Datepicker Calendar 跨站脚本漏洞
Triconsole Datepicker Calendar is a Triconsole open source application. Provides a calendar component . A cross-site scripting vulnerability exists in Triconsole Datepicker Calendar prior to version 3.77, which stems from calendarform.php not fully validating user input, which allows an attacker ...
Malicious Package in react-datepicker-plus
Versions 2.4.3 and 2.4.2 of react-datepicker-plus contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...
GHSA-4WCX-C9C4-89P2 Malicious Package in react-datepicker-plus
Versions 2.4.3 and 2.4.2 of react-datepicker-plus contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...
Contact Form 7 Datepicker Plugin for WordPress Cross-Site Scripting
The WordPress Contact Form 7 Datepicker Plugin installed on the remote host is affected by a stored cross-site scripting XSS vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
WordPress Contact Form 7 Datepicker Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.Contact Form 7 Datepicker is a datepicker plugin used in it. A cross-site scripting vulnerability exists in WordPress Contact Form 7...
CVE-2020-11516
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...
CVE-2020-11516
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...
Cross site scripting
Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wpajaxcf7dpsavesettings AJAX action and the uitheme parameter. If an administrator creat...
CVE-2020-11516
The CVE-2020-11516 entry refers to a stored XSS in the WordPress plugin “Contact Form 7 Datepicker” up to version 2.6.0. The vulnerability arises from saving settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter, enabling an authenticated user with minima...