Lucene search
K

12 matches found

OSV
OSV
added 2026/07/02 2:13 p.m.6 views

PYSEC-2026-628 XSS in jQuery as used in Drupal, Backdrop CMS, and other products

jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS6.9AI score0.87218EPSS
Exploits4References112
Microsoft CVE
Microsoft CVE
added 2024/09/11 7:0 a.m.5 views

jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype.

...

6.1CVSS6.8AI score0.87218EPSS
Exploits4
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.5 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2023/03/01 9:45 p.m.5 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2022/11/02 4:34 p.m.4 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2020/12/16 1:56 p.m.2 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.4AI score0.87218EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2020/04/06 9:2 a.m.4 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.4AI score0.87218EPSS
Exploits4References6
BDU FSTEC
BDU FSTEC
added 2019/11/25 12:0 a.m.6 views

The vulnerability of the jQuery.extend function (true, {}, …) in the jQuery library allows a attacker to compromise the confidentiality and integrity of the protected information.

The vulnerability of the jQuery.extend function exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected information...

6.1CVSS6.6AI score0.87218EPSS
Exploits4References13Affected Software17
RedHat Linux
RedHat Linux
added 2019/10/10 3:39 p.m.2 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2019/06/11 3:32 p.m.3 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
OSV
OSV
added 2019/04/26 4:29 p.m.67 views

GHSA-6C3J-C64M-QHGQ XSS in jQuery as used in Drupal, Backdrop CMS, and other products

jQuery from 1.1.4 until 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

6.1CVSS6.8AI score0.87218EPSS
Exploits4References110
OSV
OSV
added 2019/04/17 8:30 p.m.2 views

DRUPAL-CORE-2019-006

The jQuery project released version 3.4.0, and as part of that, disclosed a security vulnerability that affects all prior versions. As described in their release notes: jQuery 3.4.0 includes a fix for some unintended behavior when using jQuery.extendtrue, , .... If an unsanitized source object...

6.1CVSS6.6AI score0.87218EPSS
Exploits4References1
Rows per page
Query Builder