185 matches found

Tenable Nessus
added 2025/02/10 12:0 a.m., 9 views

Azure Linux 3.0 Security Update: js-jquery (CVE-2019-20149)

The version of js-jquery installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-20149 advisory. - ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attribute...

CVSS: 7.5, AI score: 6.9, EPSS: 0.02278
Exploits: 1, References: 2

Tenable Nessus
added 2025/02/10 12:0 a.m., 16 views

CentOS 9 : gcc-11.5.0-5.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the gcc-11.5.0-5.el9 build changelog. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing i...

CVSS: 6.9, AI score: 6.9, EPSS: 0.8383
Exploits: 6, References: 2

AlmaLinux
added 2025/02/10 12:0 a.m., 9 views

Moderate: tbb security update

Threading Building Blocks (TBB) is a C++ runtime library that abstracts the low-level threading details necessary for optimal multi-core performance. Security Fixes: jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023) For more details about the securit...

CVSS: 6.9, AI score: 7.7, EPSS: 0.8383
Exploits: 6, References: 4

CISA KEV Catalog
added 2025/01/23 12:0 a.m., 19 views

JQuery Cross-Site Scripting (XSS) Vulnerability

JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser...

CVSS: 6.9, AI score: 6.1, EPSS: 0.8383
In wild, Exploits: 6

Tenable Nessus
added 2024/11/14 12:0 a.m., 6 views

jQuery < 1.9.0 Cross-Site Scripting

According to its self-reported version number, jQuery is prior to 1.9.0. Therefore, it may be affected by a cross-site scripting vulnerability because the load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character. Note that the scanner has not tested for these...

CVSS: 6.1, AI score: 6.4, EPSS: 0.06273
Exploits: 4, References: 2

Microsoft CVE
added 2024/09/11 7:0 a.m., 4 views

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common.

...

CVSS: 6.1, AI score: 6.8, EPSS: 0.08632
Exploits: 6

OSV
added 2024/01/10 9:15 a.m., 5 views

CVE-2020-26629

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server...

CVSS: 9.8, AI score: 5.8, EPSS: 0.01181
Exploits: 3, References: 1

Vulnrichment
added 2024/01/10 12:0 a.m., 4 views

CVE-2020-26629

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server...

AI score: 9.5, EPSS: 0.01181
Exploits: 3, References: 1

OSV
added 2024/01/02 5:15 a.m., 5 views

AZL-43636 CVE-2023-26159 affecting package js-jquery 3.5.0-4

Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...

CVSS: 6.1, AI score: 6.7, EPSS: 0.00797
Exploits: 1, References: 1

BDU FSTEC
added 2023/11/11 12:0 a.m., 6 views

The vulnerability of the jQuery library lies in its lack of protection for website structures, allowing attackers to execute cross-site scripting attacks.

The vulnerability of the jQuery library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting using AJAX requests...

CVSS: 6.4, AI score: 6.7, EPSS: 0.29726
Exploits: 2, References: 39, Affected Software: 50

BDU FSTEC
added 2023/11/09 12:0 a.m., 5 views

The vulnerability of the jQuery library, related to the lack of measures taken to protect the structure of web pages, allows attackers to execute cross-site scripting attacks.

The vulnerability of the jQuery library is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to perform a cross-site scripting attack using the load method...

CVSS: 6.4, AI score: 6.5, EPSS: 0.06273
Exploits: 4, References: 9, Affected Software: 6

Amazon
added 2023/09/25 12:0 a.m., 9 views

Important: ruby

Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the...

CVSS: 8.1, AI score: 7.1, EPSS: 0.29726
Exploits: 8

OSV
added 2023/07/29 11:5 a.m., 4 views

OESA-2023-1446 doxygen security update

Doxygen is the de facto standard tool for generating documentation from annotated C++ sources, but it also supports other popular programming languages such as C, Objective-C, C#, PHP, Java, Python, IDL (Corba, Microsoft, and UNO/OpenOffice flavors), Fortran, VHDL, Tcl, and to some extent D. Securit...

AI score: 7.3
Exploits: 5, References: 2

RedHat Linux
added 2023/03/01 10:2 p.m., 6 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS: 6.9, AI score: 6.6, EPSS: 0.8383
Exploits: 6, References: 6

RedHat Linux
added 2023/03/01 9:58 p.m., 4 views

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting (XSS) vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

CVSS: 6.9, AI score: 6.5, EPSS: 0.99019
Exploits: 7, References: 5

RedHat Linux
added 2023/03/01 9:45 p.m., 5 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS: 6.9, AI score: 6.6, EPSS: 0.8383
Exploits: 6, References: 6

F5 Networks
added 2023/02/21 6:34 p.m., 193 views

K62532311: jQuery vulnerability CVE-2012-6708

Security Advisory Description jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the ' Identified L...

CVSS: 6.1, AI score: 6.4, EPSS: 0.08632
Exploits: 6, Affected Software: 14

F5 Networks
added 2023/02/21 6:33 p.m., 813 views

K29562170: jQuery vulnerability CVE-2015-9251

Security Advisory Description jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CVE-2015-9251 Impact This vulnerability allows a remote attacker to perfo...

CVSS: 6.1, AI score: 6.9, EPSS: 0.29726
Exploits: 2, Affected Software: 1

SUSE CVE
added 2023/02/15 5:42 a.m., 3 views

SUSE CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving...

CVSS: 6.8, AI score: 6.2, EPSS: 0.08632
Exploits: 6, References: 6

SUSE CVE
added 2023/02/15 5:10 a.m., 5 views

SUSE CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

CVSS: 6.1, AI score: 8, EPSS: 0.29726
Exploits: 2, References: 8