185 matches found
SUSE CVE-2020-11022
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
SUSE CVE-2020-11023
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
Security Bulletin: IBM Aspera Orchestrator affected by JQuery vulnerability (CVE-2022-31160)
Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
jquery: Cross-site scripting via cross-domain ajax requests
jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
AZL-45126 CVE-2017-20162 affecting package js-jquery 3.5.0-4
A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...
AZL-45051 CVE-2022-24999 affecting package js-jquery 3.5.0-4
qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...
Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)
Summary IBM Business Process Manager and IBM Business Automation Workflow are affected by multiple security vulnerabilities found in Swagger UI. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput functio...
The vulnerability of the jQuery library, related to the lack of measures taken to protect the structure of web pages, allows attackers to inject arbitrary web scripts or HTML code.
The vulnerability of jQuery software is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web scripts or HTML code remotely...
Security Bulletin: IBM Security Guardium Insights is affected by a jQuery vulnerabilitiy (CVE-2019-11358)
Summary IBM Security Guardium Insights has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker...
Security Bulletin: Aspera Web Application (Console, Shares) are affected by jQuery vulnerability (cross-site scripting)
Summary Aspera Web Application Console, Shares have the following jQuery vulnerability. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML function. A remote attacker could...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
BSA-2020-972
Security Advisory ID : BSA-2020-972 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untruste...
Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1831)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ipa security and bug fix update
4.6.8-5.0.1 - Blank out header-logo.png product-name.png - Replace login-screen-logo.png Orabug: 20362818 4.6.8-5.el79.4 - Resolves: 1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing - wgi/plugins.py: ignore empty plugin directories - Resolves: 1895197...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...