185 matches found
Azure Linux 3.0 Security Update: js-jquery (CVE-2019-20149)
The version of js-jquery installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-20149 advisory. - ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attribute...
CentOS 9 : gcc-11.5.0-5.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the gcc-11.5.0-5.el9 build changelog. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing i...
Moderate: tbb security update
Threading Building Blocks TBB is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 For more details about the securit...
JQuery Cross-Site Scripting (XSS) Vulnerability
JQuery contains a persistent cross-site scripting XSS vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser...
jQuery < 1.9.0 Cross-Site Scripting
According to its self-reported version number, jQuery is prior to 1.9.0. Therefore, it may be affected by a cross-site scripting vulnerability because the load method fails to recognize and remove "" HTML tags that contain a whitespace character. Note that the scanner has not tested for these...
jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common.
...
CVE-2020-26629
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server...
CVE-2020-26629
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server...
AZL-43636 CVE-2023-26159 affecting package js-jquery 3.5.0-4
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...
The vulnerability of the jQuery library lies in its lack of protection for website structures, allowing attackers to execute cross-site scripting attacks.
The vulnerability of the jQuery library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting using AJAX requests...
The vulnerability of the jQuery library, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.
The vulnerability of the jQuery library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack using the load method...
Important: ruby
Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the...
OESA-2023-1446 doxygen security update
Doxygen is the de facto standard tool for generating documentation from annotated C++ sources, but it also supports other popular programming languages such as C, Objective-C, C, PHP, Java, Python, IDL Corba, Microsoft, and UNO/OpenOffice flavors, Fortran, VHDL, Tcl, and to some extent D. Securit...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
K62532311: jQuery vulnerability CVE-2012-6708
Security Advisory Description jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the ' Identified L...
K29562170: jQuery vulnerability CVE-2015-9251
Security Advisory Description jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.CVE-2015-9251 Impact This vulnerability allows a remote attacker to perfo...
SUSE CVE-2012-6708
jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the string, giving...
SUSE CVE-2015-9251
jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...