Lucene search
K

185 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.4 views

SUSE CVE-2020-11022

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.1CVSS6.7AI score0.99019EPSS
Exploits7References15
SUSE CVE
SUSE CVE
added 2023/02/15 4:0 a.m.4 views

SUSE CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

6.1CVSS6.9AI score0.8383EPSS
Exploits6References32
IBM Security Bulletins
IBM Security Bulletins
added 2023/02/02 9:8 p.m.42 views

Security Bulletin: IBM Aspera Orchestrator affected by JQuery vulnerability (CVE-2022-31160)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker...

6.1CVSS6.4AI score0.01933EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/01/31 1:18 p.m.5 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.4 views

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

6.1CVSS6.6AI score0.29726EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.7 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.5 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
RedHat Linux
RedHat Linux
added 2023/01/31 1:15 p.m.4 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

6.9CVSS6.5AI score0.99019EPSS
Exploits7References5
RedHat Linux
RedHat Linux
added 2023/01/31 1:12 p.m.4 views

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

6.1CVSS6.5AI score0.87218EPSS
Exploits4References6
OSV
OSV
added 2023/01/05 12:15 p.m.8 views

AZL-45126 CVE-2017-20162 affecting package js-jquery 3.5.0-4

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has...

5.3CVSS5.1AI score0.00981EPSS
Exploits1References1
OSV
OSV
added 2022/11/26 10:15 p.m.5 views

AZL-45051 CVE-2022-24999 affecting package js-jquery 3.5.0-4

qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an proto key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string ...

7.5CVSS7.2AI score0.14663EPSS
Exploits2References1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/14 3:28 p.m.80 views

Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary IBM Business Process Manager and IBM Business Automation Workflow are affected by multiple security vulnerabilities found in Swagger UI. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput functio...

6.7AI score0.87218EPSS
Exploits9Affected Software5
BDU FSTEC
BDU FSTEC
added 2022/04/27 12:0 a.m.5 views

The vulnerability of the jQuery library, related to the lack of measures taken to protect the structure of web pages, allows attackers to inject arbitrary web scripts or HTML code.

The vulnerability of jQuery software is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to inject arbitrary web scripts or HTML code remotely...

4.3CVSS7.2AI score0.19191EPSS
Exploits1References15Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2021/10/06 12:30 p.m.68 views

Security Bulletin: IBM Security Guardium Insights is affected by a jQuery vulnerabilitiy (CVE-2019-11358)

Summary IBM Security Guardium Insights has addressed the following vulnerability. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker...

6.1CVSS0.7AI score0.87218EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2021/09/28 7:39 p.m.11 views

Security Bulletin: Aspera Web Application (Console, Shares) are affected by jQuery vulnerability (cross-site scripting)

Summary Aspera Web Application Console, Shares have the following jQuery vulnerability. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the HTML function. A remote attacker could...

1.4AI score
Exploits0Affected Software1
RedHat Linux
RedHat Linux
added 2021/05/18 4:39 p.m.7 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
Broadcom
Broadcom
added 2021/05/10 12:0 a.m.5 views

BSA-2020-972

Security Advisory ID : BSA-2020-972 Component : jQuery Revision : 1.0 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untruste...

6.9CVSS6.9AI score0.99019EPSS
Exploits7
OpenVAS
OpenVAS
added 2021/05/03 12:0 a.m.33 views

Huawei EulerOS: Security Advisory for pki-core (EulerOS-SA-2021-1831)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1CVSS6.9AI score0.87218EPSS
Exploits5References2
Oracle linux
Oracle linux
added 2021/03/19 12:0 a.m.188 views

ipa security and bug fix update

4.6.8-5.0.1 - Blank out header-logo.png product-name.png - Replace login-screen-logo.png Orabug: 20362818 4.6.8-5.el79.4 - Resolves: 1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing - wgi/plugins.py: ignore empty plugin directories - Resolves: 1895197...

6.9CVSS7.4AI score0.8383EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2021/03/16 1:53 p.m.4 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References6
Rows per page
Query Builder