13 matches found
Astra Linux - уязвимость в jqueryui
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. The values passed to various Text options are...
HP LaserJet Printers Improper Neutralization of Input During Web Page Generation (CVE-2021-41184)
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...
HP LaserJet Printers Improper Neutralization of Input During Web Page Generation (CVE-2021-41182)
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...
MAL-2025-23899 Malicious code in jquery-ui-i18n (npm)
The package jquery-ui-i18n was found to contain malicious code...
OESA-2022-1693 python-XStatic-jquery-ui security update
jquery-ui javascript library packaged for setuptools easyinstall / pip. This package is intended to be used by any project that needs these files. It intentionally does not provide any extra code except some metadata nor has any extra requirements. You MAY use some minimal support code from the...
jquery-ui: XSS in *Text options of the datepicker widget
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...
jquery-ui: XSS in the 'of' option of the .position() util
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS...
Vulnerabilities fixed in Drupal core
Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting XSS vulnerability. Drupal developers have released updates to f...
DEBIAN-CVE-2021-41182
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...
org.webjars.npm:evol-colorpicker (=3.4.2), org.webjars.npm:jquery-ui-multidatespicker (=1.6.6) potentially affected by CVE-2021-41183 via org.webjars.npm:jquery-ui (=1.13.0-rc.3)
org.webjars.npm:jquery-ui MAVEN version =1.13.0-rc.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jquery-ui and may be impacted: - org.webjars.npm:evol-colorpicker =3.4.2 - org.webjars.npm:jquery-ui-multidatespicker =1.6.6 Source cve...
org.webjars.npm:evol-colorpicker (=3.4.2), org.webjars.npm:jquery-ui-multidatespicker (=1.6.6) potentially affected by CVE-2021-41184 via org.webjars.npm:jquery-ui (=1.13.0-rc.3)
org.webjars.npm:jquery-ui MAVEN version =1.13.0-rc.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jquery-ui and may be impacted: - org.webjars.npm:evol-colorpicker =3.4.2 - org.webjars.npm:jquery-ui-multidatespicker =1.6.6 Source cve...
jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
UBUNTU-CVE-2012-6662
Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...