Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183

Summary There are vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...

jQuery UI < 1.13.2 Cross-Site Scripting

According to its self-reported version number, jQuery UI is prior to 1.13.2. It is, therefore, affected by a Cross-Site Scripting when refreshing a checkboxradio with an HTML-like initial text label CVE-2022-31160 Note that the scanner has not tested for these issues but has instead relied only o...

K95208524: jQuery vulnerability CVE-2016-7103

Security Advisory Description Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. CVE-2016-7103 Impact This vulnerability allows a remote attacker to perform an...

K50455702: jQuery vulnerabilities CVE-2021-41182, CVE-2021-41183, and CVE-2021-41184

Security Advisory Description CVE-2021-41182 jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string...

Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160

Description Jquery UI 1.13.1 in use which is vulnerable to CVE-2022-31160 Proof of Concept 1 Go to https://demo.limesurvey.org/tmp/assets/15bf41ab/jquery-ui.min.js and note that jquery-ui 1.13.1 is in use. 2 Check...

SUSE CVE-2016-7103

Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

SUSE CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS...

SUSE CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site...

Security Bulletin: IBM Workload Scheduler potentially affected by cross-site scripting vulnerability in jQuery UI (CVE-2022-31160)

Summary jQuery UI is vulnerable to cross-site scripting attack that can potentially affect IBM Workload Scheduler 9.5 and IBM Workload Scheduler 10.1 Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of...

Malicious Package

Overview jqueryuicheckbox is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package...

Malicious Package

Overview jqueryuicheckbowwx is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packag...

Fedora 36 : drupal7 (2022-9d655503ea)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-9d655503ea advisory. - 7.92 - 7.91 - SA-CORE-2022-012 / CVE-2022-25275 - 7.90 - 7.89 - 7.88 - SA-CORE-2022-003 / CVE-2022-25271 - 7.87 - 7.86 - SA-CORE-2022-001 /...

Fedora 36 : js-jquery-ui (2022-1a01ed37e2)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1a01ed37e2 advisory. A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting XSS attack via the initializatio...

Fedora 35 : drupal7 (2022-bf18450366)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-bf18450366 advisory. - 7.92 - 7.91 - SA-CORE-2022-012 / CVE-2022-25275 - 7.90 - 7.89 - 7.88 - SA-CORE-2022-003 / CVE-2022-25271 - 7.87 - 7.86 - SA-CORE-2022-001 /...

Fedora 35 : js-jquery-ui (2022-22d8ba36d0)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-22d8ba36d0 advisory. A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to Cross-site scripting XSS attack via the initializatio...

Tenable Nessus Network Monitor < 6.0.1 Multiple Vulnerabilities (TNS-2022-10)

Tenable Nessus Network Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

[SECURITY] Fedora 37 Update: js-jquery-ui-1.13.2-1.fc37

A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library...

Fedora: Security Advisory for js-jquery-ui (FEDORA-2022-1a01ed37e2)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora: Security Advisory for js-jquery-ui (FEDORA-2022-7291b78111)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...