304 matches found
Code injection
In Apache wicket-jquery-ui = 6.29.0, = 7.10.1, = 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...
CVE-2018-1325
CVE-2018-1325 affects the Wicket-JQuery-UI integration. In versions ≤ 6.29.0, ≤ 7.10.1, and ≤ 8.0.0-M9.1, JavaScript code created in the WYSIWYG editor can be executed on display, enabling cross-site scripting (XSS) as described in multiple sources. The connected documents corroborate an XSS risk...
Design/Logic Flaw
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...
Fedora Update for python-XStatic-jquery-ui FEDORA-2017-1bf5a0ce01
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for python-XStatic-jquery-ui FEDORA-2017-e2d17af41e
The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 26 Update: python-XStatic-jquery-ui-1.12.0.1-2.fc26
JavaScript library packaged for setuptools easyinstall / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements...
Cross-site Scripting in jquery-ui
Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
GHSA-WCM2-9C89-WMFM Cross-site Scripting in jquery-ui
Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
GHSA-QQXP-XP9V-VVX6 jquery-ui Tooltip widget vulnerable to XSS
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
jquery-ui Tooltip widget vulnerable to XSS
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting XSS...
@mlnmln/test-component (>=0.0.0 <=0.0.1), algoliasearch-extensions-bundle (>=1.2.1 <=4.3.9) +58 more potentially affected by CVE-2016-7103 via jquery-ui (>=1.10.4 <=1.12.0-rc.2)
jquery-ui NPM version =1.10.4, =0.0.0, =1.2.1, =0.0.7-g, =0.0.1-a, =1.0.2, =0.10.1, =0.0.9, =0.12.1, =0.1.1, =0.3.0, =0.0.1, =0.0.5, =0.2.0 and more Source cves: CVE-2016-7103 Source advisory: OSV:GHSA-HPCF-8VF9-Q4GJ...
GHSA-HPCF-8VF9-Q4GJ jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Affected versions of jquery-ui are vulnerable to a cross-site scripting vulnerability when arbitrary user input is supplied as the value of the closeText parameter in the dialog function. jQuery-UI is a library for manipulating UI elements via jQuery. Version 1.11.4 has a cross site scripting XSS...
Cross-site Scripting in jquery-ui
Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
Moderate severity vulnerability that affects jquery-ui
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...
SUSE-SU-2017:2351-1 Security update for python-XStatic-jquery-ui
This update for python-XStatic-jquery-ui fixes the following issues: - CVE-2016-7103: possible cross-site scripting in dialog closeText could lead to arbitrary code injection bsc996004...
jQuery UI Cross-Site Scripting Vulnerability
jQuery UI is a set of JavaScript libraries developed by the jQuery team that provides abstracted, themeable GUI controls and animations, and supports the construction of interactive Internet applications. A cross-site scripting vulnerability exists in jQuery UI versions prior to 1.12.0. A remote...