304 matches found

Github Security Blog
added 2022/05/14 12:58 a.m., 76 views

Cross-site Scripting in wicket-jquery-ui

In wicket-jquery-ui = 6.29.0, = 7.10.1, = 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...

6.1 CVSS, 1.3 AI score, 0.0024 EPSS
Exploits 0, References 3, Affected Software 1

OSV
added 2022/05/14 12:58 a.m., 19 views

GHSA-PJV3-RH6V-2PJ8 Cross-site Scripting in wicket-jquery-ui

In wicket-jquery-ui = 6.29.0, = 7.10.1, = 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...

6.1 CVSS, 6.2 AI score, 0.0024 EPSS
Exploits 0, References 2

Github Security Blog
added 2022/05/14 12:58 a.m., 72 views

Cross-site Scripting in wicket-jquery-ui

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

6.1 CVSS, 6.4 AI score, 0.0024 EPSS
Exploits 0, References 4, Affected Software 1

OSV
added 2022/05/14 12:58 a.m., 16 views

GHSA-PWPC-HQQ2-HX2X Cross-site Scripting in wicket-jquery-ui

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

6.1 CVSS, 6.3 AI score, 0.0024 EPSS
Exploits 0, References 3

Tenable Product Security Advisories
added 2022/04/19 2:32 p.m., 17 views

[R1] Tenable.sc 5.21.0 Fixes Multiple Third-Party Vulnerabilities

Arnie Cabral, Tue, 04/19/2022 - 10:32. Tenable.sc leverages third-party software to help provide underlying functionality. Several of the third-party components were found to contain vulnerabilities, and updated versions have been made...

2.6 AI score
Exploits 0

Check Point Advisories
added 2022/03/14 12:0 a.m., 15 views

jQuery UI Datepicker Widget Cross Site Scripting (CVE-2021-41182; CVE-2021-41183)

A cross site scripting vulnerability exists in the jQuery UI Datepicker widget. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

4.3 CVSS, 4.6 AI score, 0.22267 EPSS
Exploits 2

IBM Security Bulletins
added 2022/03/03 5:6 p.m., 62 views

Security Bulletin: IBM Security QRadar SOAR is using a component vulnerable to Cross Site Scripting (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184)

Summary: IBM® Security QRadar SOAR, formerly known as Resilient SOAR, is using a component with known Cross Site Scripting vulnerabilities. QRadar SOAR uses jQuery-UI, which is vulnerable to several XSS issues as listed below. QRadar SOAR has released an update that addresses these issues...

6.5 CVSS, 0.3 AI score, 0.31104 EPSS
Exploits 4

Oracle linux
added 2022/03/01 12:0 a.m., 187 views

jquery-ui security update

1.10.4.custom-4.0.1 - Backport jQuery CVE-2020-11022 and CVE-2020-11023 fixes to bundled jQuery v1.10.2 Orabug: 33869588 1.10.4.custom-4 - removed %%defattr from specfile - removed Group from specfile - removed BuildRoot from specfiles Tue May 10 2016 Grant Gainey 1.10.4.custom-3 - jquery-ui: bui...

6.9 CVSS, 2.1 AI score, 0.34098 EPSS
Exploits 11

Tenable Nessus
added 2022/03/01 12:0 a.m., 83 views

Oracle Linux 7 : jquery-ui (ELSA-2022-9177)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9177 advisory. - Backport jQuery CVE-2020-11022 and CVE-2020-11023 fixes to bundled jQuery v1.10.2 Orabug: 33869588 Tenable has extracted the preceding description...

6.9 CVSS, 7 AI score, 0.34098 EPSS
Exploits 11, References 3

OpenVAS
added 2022/01/20 12:0 a.m., 23 views

Drupal 8.x, 9.x < 9.2.11, 9.3.x < 9.3.3 XSS Vulnerability (SA-CORE-2022-001) - Linux

Drupal is prone to a cross-site scripting (XSS) vulnerability in jQuery UI. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

6.5 CVSS, 6.3 AI score, 0.03097 EPSS
Exploits 1, References 1

OpenVAS
added 2022/01/20 12:0 a.m., 18 views

Drupal 7.x < 7.86 Multiple XSS Vulnerabilities (SA-CORE-2022-002) - Windows

Drupal is prone to multiple cross-site scripting (XSS) vulnerabilities in jQuery UI. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.1 AI score
Exploits 0, References 1

OpenVAS
added 2022/01/20 12:0 a.m., 26 views

Drupal 7.x < 7.86 Multiple XSS Vulnerabilities (SA-CORE-2022-002) - Linux

Drupal is prone to multiple cross-site scripting (XSS) vulnerabilities in jQuery UI. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This...

7.1 AI score
Exploits 0, References 1

OpenVAS
added 2022/01/20 12:0 a.m., 22 views

Drupal 8.x, 9.x < 9.2.11, 9.3.x < 9.3.3 XSS Vulnerability (SA-CORE-2022-001) - Windows

Drupal is prone to a cross-site scripting (XSS) vulnerability in jQuery UI. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

6.5 CVSS, 6.3 AI score, 0.03097 EPSS
Exploits 1, References 1

OSV
added 2022/01/19 5:20 p.m., 1 views

DRUPAL-CORE-2022-001

jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issu...

6.4 AI score
Exploits 0, References 1

OSV
added 2022/01/19 3:33 p.m., 2 views

DRUPAL-CONTRIB-2022-004

jQuery UI is a third-party library used by Drupal. The jQuery UI Datepicker module provides the jQuery UI Datepicker library, which is not included in Drupal 9 core. jQuery UI was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, an...

6.8 AI score
Exploits 0, References 1

Drupal
added 2022/01/19 12:0 a.m., 42 views

jQuery UI Datepicker - Moderately critical - Cross Site Scripting - SA-CONTRIB-2022-004

jQuery UI is a third-party library used by Drupal. The jQuery UI Datepicker module provides the jQuery UI Datepicker library, which is not included in Drupal 9 core. jQuery UI was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, an...

6.5 CVSS, 6.2 AI score, 0.22267 EPSS
Exploits 2, References 7

Drupal
added 2022/01/19 12:0 a.m., 117 views

Drupal core - Moderately critical - Cross site scripting - SA-CORE-2022-002

jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. In addition to the issue covered by SA-CORE-2022-001, further security...

6.5 CVSS, 0.8 AI score, 0.22267 EPSS
Exploits 4, References 10

Tenable Nessus
added 2022/01/19 12:0 a.m., 55 views

Drupal 7.x < 7.86 / 9.2.x < 9.2.11 / 9.3.x < 9.3.3 Multiple Vulnerabilities (drupal-2022-01-19)

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.86, 9.2.x prior to 9.2.11, or 9.3.x prior to 9.3.3. It is, therefore, affected by multiple vulnerabilities. - Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dial...

6.5 CVSS, 7.2 AI score, 0.31104 EPSS
Exploits 6, References 13

Drupal
added 2022/01/19 12:0 a.m., 69 views

Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2022-001

jQuery UI is a third-party library used by Drupal. This library was previously thought to be end-of-life. Late in 2021, jQuery UI announced that they would be continuing development, and released a jQuery UI 1.13.0 version. As part of this 1.13.0 update, they disclosed the following security issu...

6.5 CVSS, 1 AI score, 0.31104 EPSS
Exploits 2, References 14

Tenable Nessus
added 2021/12/31 12:0 a.m., 230 views

JQuery UI < 1.13.0 Multiple XSS

The version of JQuery UI library hosted on the remote web server is prior to 1.13.0. It is, therefore, affected by multiple cross-site scripting vulnerabilities: - Accepting the value of the 'altField' option of the Datepicker widget from untrusted sources may execute untrusted code. CVE-2021-411...

6.5 CVSS, 6.6 AI score, 0.31104 EPSS
Exploits 4, References 4