
304 matches found

OSV
added 2022/07/20 8:15 p.m. · 1 view

DEBIAN-CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 6.1 · AI score 5.7 · EPSS 0.01933
Exploits 1 · References 1

Prion
added 2022/07/20 8:15 p.m. · 26 views

Cross site scripting

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 5.8 · AI score 5.9 · EPSS 0.01933
Exploits 1 · References 9 · Affected Software 4

OSV
added 2022/07/20 8:15 p.m. · 2 views

UBUNTU-CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 6.1 · AI score 6.2 · EPSS 0.01933
Exploits 1 · References 7

Cvelist
added 2022/07/20 12:00 a.m. · 45 views

CVE-2022-31160 jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 6.1 · AI score 6.3 · EPSS 0.01933
Exploits 1 · References 9

EUVD
added 2022/07/20 12:00 a.m. · 3 views

EUVD-2022-6344

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 6.1 · AI score 6.3 · EPSS 0.01933
Exploits 1 · References 18

CNNVD
added 2022/07/20 12:00 a.m. · 3 views

jQuery cross-site scripting vulnerability

jQuery is an open-source, cross-browser JavaScript library developed by John Resig, an individual developer in the United States. The library simplifies interaction between HTML and JavaScript and features modularity, plug-in extensions, and so on. A cross-site scripting vulnerability exists in jQuery...

CVSS 6.1 · AI score 6.9 · EPSS 0.01933
Exploits 1 · References 22

Vulnrichment
added 2022/07/20 12:00 a.m. · 5 views

CVE-2022-31160 jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 6.1 · AI score 6.1 · EPSS 0.01933
Exploits 1 · References 9

OSV
added 2022/07/20 12:00 a.m. · 31 views

CVE-2022-31160 jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 6.1 · AI score 5.9 · EPSS 0.01933
Exploits 1 · References 11

CVE
added 2022/07/20 12:00 a.m. · 843 views

CVE-2022-31160

CVE-2022-31160 affects jQuery UI versions prior to 1.13.2. The issue occurs when initializing a checkboxradio widget on an input inside a label; the label contents can be treated as the input label, and refreshing with .checkboxradio("refresh") on such a widget may decode encoded HTML entities in...

CVSS 6.1 · AI score 6 · EPSS 0.01933
Exploits 1 · References 9 · Affected Software 1

Debian CVE
added 2022/07/20 12:00 a.m. · 84 views

CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVSS 6.1 · AI score 6.6 · EPSS 0.01933
Exploits 1

Veracode
added 2022/07/19 5:25 a.m. · 130 views

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists in the widget function in checkboxradio.js due to a lack of input sanitization which allows a malicious attacker to inject and execute malicious javascript...

CVSS 6.1 · AI score 6.2 · EPSS 0.01933
Exploits 1 · References 14 · Affected Software 1

OSV
added 2022/07/18 5:07 p.m. · 5 views

GHSA-H6GJ-6JJQ-H8G9 jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

Impact: Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...

CVSS 6.1 · AI score 6.6 · EPSS 0.01933
Exploits 1 · References 14

vulnersOsv
added 2022/07/18 5:07 p.m. · 6 views

@atlassian/aui (>=8.2.4 <=9.5.1), @chinchilla-software/ng-date-time-picker (>=1.0.0 <=1.0.1) +135 more potentially affected by CVE-2022-31160 via jquery-ui (>=1.10.4 <=1.13.1)

jquery-ui NPM version =1.10.4, =8.2.4, =1.0.0, =1.0.0, =0.1.0, =2.3.2, =6.4.0, =1.1.42, =5.0.0-110, =0.0.0, =2.1.1, =4.0.0, =1.0.0-alpha.0, =11.0.0, =17.0.0-dev.3 and more Source cves: CVE-2022-31160 Source advisory: OSV:GHSA-H6GJ-6JJQ-H8G9...

CVSS 6.1 · AI score 6.5 · EPSS 0.01933
Exploits 1

vulnersOsv
added 2022/07/18 5:07 p.m. · 4 views

org.webjars.npm:evol-colorpicker (=3.4.2), org.webjars.npm:jquery-ui-multidatespicker (=1.6.6) potentially affected by CVE-2022-31160 via org.webjars.npm:jquery-ui (=1.13.0-rc.3)

org.webjars.npm:jquery-ui MAVEN version =1.13.0-rc.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jquery-ui and may be impacted: - org.webjars.npm:evol-colorpicker =3.4.2 - org.webjars.npm:jquery-ui-multidatespicker =1.6.6 Source cve...

CVSS 6.1 · AI score 6.5 · EPSS 0.01933
Exploits 1

Github Security Blog
added 2022/07/18 5:07 p.m. · 175 views

jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

Impact: Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...

CVSS 6.1 · AI score 6.5 · EPSS 0.01933
Exploits 1 · References 14 · Affected Software 4

Positive Technologies
added 2022/07/18 12:00 a.m. · 4 views

PT-2022-20575 · Jquery +5 · Jquery Ui +5

Name of the Vulnerable Software and Affected Versions: jQuery UI versions prior to 1.13.2; Moodle versions prior to 3.11.17-alt1. Description: jQuery UI, a collection of user interface interactions, effects, widgets, and themes built on jQuery, is susceptible to a cross-site scripting (XSS) issue...

CVSS 8 · AI score 6 · EPSS 0.42847
Exploits 6 · References 61

RubySec
added 2022/07/15 12:00 a.m. · 23 views

jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

Impact: Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio( "refresh" ) on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...

CVSS 6.1 · AI score 6.8 · EPSS 0.01933
Exploits 1 · References 1 · Affected Software 1

Oracle linux
added 2022/06/30 12:00 a.m. · 41 views

pcs security update

0.11.1-10.el90.1 - Updated bundled rubygems: sinatra, rack-protection - Resolves: rhbz2081333 0.11.1-10 - Fixed snmp client - Fixed translating resource roles in colocation constraint - Resolves: rhbz2048640 0.11.1-9 - Fixed cluster destroy in web ui - Fixed covscan issue in web ui - Resolves:...

CVSS 7.5 · AI score 7.9 · EPSS 0.02059
Exploits 0

Tenable Product Security Advisories
added 2022/05/26 1:30 p.m. · 43 views

[R3] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities

R3 Nessus Version 10.2.0 Fixes Multiple Vulnerabilities Arnie Cabral Thu, 05/26/2022 - 09:30 Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components zlib, expat, jQuery UI were found to contain vulnerabilities, and updated versions hav...

CVSS 9 · AI score 2 · EPSS 0.01247
Exploits 0

OSV
added 2022/05/18 2:55 p.m. · 10 views

SUSE-SU-2022:1729-1 Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud

This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues: Security fixes included on...

CVSS 9.8 · AI score 7.3 · EPSS 0.57991
Exploits 9 · References 36