
2406 matches found

CNNVD
added 2022/06/02 12:0 a.m. · 3 views

npm jquery-validation security vulnerability

npm jquery-validation is a form insertion validation application provided by npm, Inc. npm jquery-validation version 1.19.3 contains a denial of service vulnerability, which stems from the fact that an attacker who is able to provide arbitrary input to the url2 method can trigger a denial of...

CVSS 7.5 · AI score 5.8 · EPSS 0.01057
Exploits 1 · References 3

Cvelist
added 2022/06/01 4:47 p.m. · 26 views

CVE-2021-43306 Exponential ReDoS in jquery-validation

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

CVSS 5.9 · AI score 7.8 · EPSS 0.01057
Exploits 1 · References 1

Debian CVE
added 2022/06/01 4:47 p.m. · 5 views

CVE-2021-43306

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method...

CVSS 7.5 · AI score 7.6 · EPSS 0.01057
Exploits 1

CVE
added 2022/06/01 4:47 p.m. · 163 views

CVE-2021-43306

The CVE-2021-43306 entry concerns the jQuery Validation Plugin (jquery-validation). The vulnerability is a Regular Expression Denial of Service (ReDoS) triggered when an attacker can supply arbitrary input to the url2 method, due to an incomplete fix for CVE-2021-43306. Affected versions are thos...

CVSS 7.5 · AI score 6.4 · EPSS 0.01057
Exploits 1 · References 1 · Affected Software 1

Positive Technologies
added 2022/06/01 12:0 a.m. · 2 views

PT-2022-11818 · Npm · Jquery-Validation

Name of the Vulnerable Software and Affected Versions: jquery-validation npm package (affected versions not specified). Description: An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to t...

CVSS 7.5 · AI score 7.4 · EPSS 0.01057
Exploits 1 · References 14

RedHat Linux
added 2022/05/26 4:25 p.m. · 2 views

jquery-ui: XSS in *Text options of the datepicker widget

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

CVSS 6.5 · AI score 6.7 · EPSS 0.03097
Exploits 1 · References 4

RedHat Linux
added 2022/05/26 4:25 p.m. · 3 views

jquery-ui: XSS in the 'of' option of the .position() util

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the 'of' option of the .position() util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the 'of' option is now treated as a CSS...

CVSS 6.5 · AI score 6.7 · EPSS 0.31104
Exploits 2 · References 4

Tenable Product Security Advisories
added 2022/05/26 1:30 p.m. · 43 views

[R3] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities

[R3] Nessus Version 10.2.0 Fixes Multiple Vulnerabilities. Arnie Cabral, Thu, 05/26/2022 - 09:30. Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (zlib, expat, jQuery UI) were found to contain vulnerabilities, and updated versions hav...

CVSS 9 · AI score 2 · EPSS 0.00521
Exploits 0

OSV
added 2022/05/24 5:48 p.m. · 23 views

GHSA-Q9XG-H756-8689 jquery-plugin-query-object contains prototype pollution vulnerability

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype...

CVSS 8.8 · AI score 8.4 · EPSS 0.07286
Exploits 2 · References 5

Github Security Blog
added 2022/05/24 5:48 p.m. · 31 views

jquery-plugin-query-object contains prototype pollution vulnerability

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype...

CVSS 8.8 · AI score 8.3 · EPSS 0.07286
Exploits 2 · References 6 · Affected Software 1

OSV
added 2022/05/24 5:29 p.m. · 4 views

GHSA-4VR7-M8P8-434H MediaWiki Cross-site Scripting (XSS) vulnerability

In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it does...

CVSS 6.1 · AI score 6.5 · EPSS 0.00336
Exploits 0 · References 8

Github Security Blog
added 2022/05/24 5:29 p.m. · 27 views

MediaWiki Cross-site Scripting (XSS) vulnerability

In MediaWiki before 1.31.9 and 1.32.x through 1.34.x before 1.34.3, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it does...

CVSS 6.1 · AI score 5.5 · EPSS 0.00336
Exploits 0 · References 8 · Affected Software 1

OSV
added 2022/05/18 2:55 p.m. · 9 views

SUSE-SU-2022:1729-1 Security update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud

This update for ardana-barbican, grafana, openstack-barbican, openstack-cinder, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-ironic, openstack-keystone, openstack-neutron-gbp, python-lxml, release-notes-suse-openstack-cloud fixes the following issues: Security fixes included on...

CVSS 9.8 · AI score 7.3 · EPSS 0.31104
Exploits 9 · References 36

OSV
added 2022/05/17 7:57 p.m. · 13 views

GHSA-WXG6-F773-G2F7 jQuery File Upload Plugin Unrestricted file upload vulnerability

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

CVSS 9.8 · AI score 9.8 · EPSS 0.91552
Exploits 2 · References 9

Github Security Blog
added 2022/05/17 7:57 p.m. · 13 views

jQuery File Upload Plugin Unrestricted file upload vulnerability

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

CVSS 9.8 · AI score 8 · EPSS 0.91552
Exploits 2 · References 10 · Affected Software 1

OSV
added 2022/05/14 3:36 a.m. · 27 views

GHSA-5VPR-V24W-MMJJ Drupal cross site scripting vulnerability

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...

CVSS 6.1 · AI score 6 · EPSS 0.00603
Exploits 0 · References 7

Github Security Blog
added 2022/05/14 3:36 a.m. · 23 views

Drupal cross site scripting vulnerability

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...

CVSS 6.1 · AI score 5.8 · EPSS 0.00603
Exploits 0 · References 7 · Affected Software 2

Github Security Blog
added 2022/05/14 1:9 a.m. · 143 views

jQuery vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

CVSS 4.3 · AI score 4 · EPSS 0.06323
Exploits 1 · References 12 · Affected Software 3

OSV
added 2022/05/14 1:9 a.m. · 0 views

GHSA-579V-MP3V-RRW5 jQuery vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

CVSS 4.3 · AI score 7 · EPSS 0.06323
Exploits 1 · References 12

Github Security Blog
added 2022/05/14 12:58 a.m. · 76 views

Cross-site Scripting in wicket-jquery-ui

In wicket-jquery-ui = 6.29.0, = 7.10.1, = 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...

CVSS 6.1 · AI score 1.3 · EPSS 0.0024
Exploits 0 · References 3 · Affected Software 1