CVE-2023-53892 Blackcat CMS 1.4 Remote Code Execution via Jquery Plugin Manager
Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin'...
CVE-2023-53892
Summary: CVE-2023-53892 affects Blackcat CMS 1.4 with a remote code execution flaw in the jquery plugin manager. Authenticated admins can upload ZIP packages containing a PHP shell and trigger arbitrary system commands by accessing the uploaded plugin file with a code parameter. Affected software...
PT-2025-51310
Name of the Vulnerable Software and Affected Versions: Blackcat CMS version 1.4. Description: Blackcat CMS version 1.4 has a remote code execution issue. Authenticated administrators can upload malicious PHP files using the jquery plugin manager. An attacker can upload a zip file containing a PHP...
com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.4), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=4.0.2 <=5.0.6) +77 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=6.0.0 <=6.7.4)
org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =4.0.2, =4.0.2, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2025-64775 Source advisory: SNYK:JAVA-ORG...
com.amazonaws.serverless:aws-serverless-java-container-struts2 (>=1.2 <=1.8.2), com.github.a-pz:struts2-thymeleaf3-plugin (>=1.0.3-RELEASE <=1.2.0-RELEASE) +164 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=2.5.1 <=2.5.33)
org.apache.struts:struts2-core MAVEN version =2.5.1, =1.2, =1.0.3-RELEASE, =1.1.9, =0.0.1, =6.0.0, =2.5.1, =2.5.1, =4.0.1 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =4.0.3 - com.jgeppert.struts2.jquery:struts2-jquery-datatables-plugin =4.0.3 -...
com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (=6.0.0), com.jgeppert.struts2.bootstrap:struts2-bootstrap-showcase (=6.0.0) +53 more potentially affected by CVE-2025-64775 via org.apache.struts:struts2-core (>=7.0.0 <=7.0.3)
org.apache.struts:struts2-core MAVEN version =7.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.0, =7.0.3 and more Source cves: CVE-2025-64775 Source advisory: OSV:GHSA-XX7V-HQXH-CJR9...
Cross-site Scripting (XSS)
Overview: jquery-multifile is a jQuery Multiple File Selection Plugin. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the file name processing. An attacker can execute arbitrary scripts in the context of a victim's browser by providing a file with a specially craft...
GHSA-J4GV-6X9V-V23G OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
Impact: OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. Patches: Users should upgrade OMERO.web to 5.29.3 or higher...
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack
Impact: OMERO.web uses the jquery-form library throughout to handle form submission and response processing. Due to some unpatched potential vulnerabilities in jquery-form, OMERO.web 5.29.2 and earlier may be susceptible to XSS attacks. Patches: Users should upgrade OMERO.web to 5.29.3 or higher...
EUVD-2025-199100
OMERO.web uses jquery-form library, which may be vulnerable to XSS attack...
Malicious code in jquery-bindings (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31127dd6191c9d3e68e94d705b43d24066f06f37b41f659a5a6831a8a811fc11 The package jquery-bindings was found to contain malicious code. Source: ghsa-malware eb6c4671167bd91b31b632f661a4bc8a3d627412796b9899fae3d0797eb51e3...
EUVD-2025-199219
Malicious code in jquery-bindings npm...
MAL-2025-191113 Malicious code in jquery-bindings (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31127dd6191c9d3e68e94d705b43d24066f06f37b41f659a5a6831a8a811fc11 The package jquery-bindings was found to contain malicious code. Source: ghsa-malware eb6c4671167bd91b31b632f661a4bc8a3d627412796b9899fae3d0797eb51e3...
Embedded Malicious Code
Overview: Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...
TencentOS Server 4: python-XStatic-jquery-ui (TSSA-2025:0080)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0080 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
CVE-2016-15054
Nagios XI versions prior to 5.4.0 are vulnerable to cross-site scripting (XSS) via the jQuery Migrate library. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...
CVE-2016-15054
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a downstream effect of an already identified vulnerability, CVE-2012-6708...
CVE-2016-15054
CVE-2016-15054 is rejected/not used and does not represent an active vulnerability entry.