
2419 matches found

Github Security Blog • added 2022/05/17 7:57 p.m. • 13 views

jQuery File Upload Plugin Unrestricted file upload vulnerability

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...

CVSS 9.8 • AI score 8 • EPSS 0.91552
Exploits 2 • References 10 • Affected Software 1

OSV • added 2022/05/14 3:36 a.m. • 27 views

GHSA-5VPR-V24W-MMJJ Drupal cross site scripting vulnerability

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...

CVSS 6.1 • AI score 6 • EPSS 0.00603
Exploits 0 • References 7

Github Security Blog • added 2022/05/14 3:36 a.m. • 23 views

Drupal cross site scripting vulnerability

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...

CVSS 6.1 • AI score 5.8 • EPSS 0.00603
Exploits 0 • References 7 • Affected Software 2

Github Security Blog • added 2022/05/14 1:9 a.m. • 144 views

jQuery vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

CVSS 4.3 • AI score 4 • EPSS 0.06323
Exploits 1 • References 12 • Affected Software 3

OSV • added 2022/05/14 1:9 a.m. • 0 views

GHSA-579V-MP3V-RRW5 jQuery vulnerable to Cross-Site Scripting (XSS)

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

CVSS 4.3 • AI score 7 • EPSS 0.06323
Exploits 1 • References 12

Github Security Blog • added 2022/05/14 12:58 a.m. • 76 views

Cross-site Scripting in wicket-jquery-ui

In wicket-jquery-ui = 6.29.0, = 7.10.1, = 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...

CVSS 6.1 • AI score 1.3 • EPSS 0.0024
Exploits 0 • References 3 • Affected Software 1

OSV • added 2022/05/14 12:58 a.m. • 19 views

GHSA-PJV3-RH6V-2PJ8 Cross-site Scripting in wicket-jquery-ui

In wicket-jquery-ui = 6.29.0, = 7.10.1, = 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display...

CVSS 6.1 • AI score 6.2 • EPSS 0.0024
Exploits 0 • References 2

Github Security Blog • added 2022/05/14 12:58 a.m. • 72 views

Cross-site Scripting in wicket-jquery-ui

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

CVSS 6.1 • AI score 6.4 • EPSS 0.0024
Exploits 0 • References 4 • Affected Software 1

OSV • added 2022/05/14 12:58 a.m. • 16 views

GHSA-PWPC-HQQ2-HX2X Cross-site Scripting in wicket-jquery-ui

In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier, a security issue has been discovered in the WYSIWYG editor that allows an attacker to submit arbitrary JS code to WYSIWYG editor...

CVSS 6.1 • AI score 6.3 • EPSS 0.0024
Exploits 0 • References 3

vulnersOsv • added 2022/05/14 12:54 a.m. • 2 views

com.amashchenko.struts2.actionflow:struts2-actionflow-plugin (=2.4.0), com.amashchenko.struts2.actionflow:struts2-actionflow-showcase (=2.4.0) +68 more potentially affected by CVE-2016-3081 via org.apache.struts:struts2-core (>=2.3.1.1 <=2.3.20.1)

org.apache.struts:struts2-core MAVEN version =2.3.1.1, =1.2.2, =1.2.2, =1.2.2, =1.2.2, =1.1.0, =1.1.0, =2.0.1 - com.jgeppert.struts2.jquery:struts2-jquery-chart-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-grid-plugin =3.3.0 - com.jgeppert.struts2.jquery:struts2-jquery-mobile-plugin...

CVSS 9.3 • AI score 7.2 • EPSS 0.94171
Exploits 12

Tenable Nessus • added 2022/05/10 12:0 a.m. • 68 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : ipa Vulnerability (NS-SA-2022-0037)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has ipa packages installed that are affected by a vulnerability: - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one ...

CVSS 6.9 • AI score 6.9 • EPSS 0.3466
Exploits 6 • References 3

vulnersOsv • added 2022/05/05 12:0 a.m. • 1 views

redis-commander (>=0.6.7 <=0.7.2) potentially affected by CVE-2022-30241 via jquery.json-viewer (=1.4.0)

jquery.json-viewer NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on jquery.json-viewer and may be impacted: - redis-commander =0.6.7, =0.7.2 Source cves: CVE-2022-30241 Source advisory: OSV:GHSA-QP2Q-6H9J-JG2R...

CVSS 6.1 • AI score 6.3 • EPSS 0.00441
Exploits 0

IBM Security Bulletins • added 2022/05/04 9:38 p.m. • 35 views

Security Bulletin: Cross-site scripting vulnerabilities in jQuery may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-11022, CVE-2020-11023

Summary A copy of the open source library jQuery is shipped as part of the swagger-ui in IBM Business Process Manager and IBM Business Automation Workflow. Cross-Site scripting vulnerabilities have been reported for this library. Vulnerability Details CVEID: CVE-2020-11022 DESCRIPTION: jQuery is...

CVSS 6.9 • AI score 1 • EPSS 0.3466
Exploits 11 • Affected Software 4

IBM Security Bulletins • added 2022/05/04 6:53 p.m. • 93 views

Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation

Summary Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2017-0247 DESCRIPTION: Microsoft ASP.NET Core is vulnerable to a denial of service, caused by improper validation of web requests in the TextEncoder.EncodeCore function. ...

CVSS 9.8 • AI score 0.8 • EPSS 0.31104
Exploits 19 • Affected Software 1

IBM Security Bulletins • added 2022/05/04 6:41 p.m. • 54 views

Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation

Summary Security Bulletin: Multiple Vulnerabilities may affect IBM Robotic Process Automation Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could...

CVSS 7.4 • AI score 7.2 • EPSS 0.3466
Exploits 7 • Affected Software 1

OSV • added 2022/05/04 6:15 p.m. • 13 views

CVE-2022-30241

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

CVSS 6.1 • AI score 6.2
Exploits 0 • References 2

ATTACKERKB • added 2022/05/04 6:15 p.m. • 1 views

CVE-2022-30241

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

CVSS 6.1 • AI score 6.4 • EPSS 0.00441
Exploits 0 • References 3

NVD • added 2022/05/04 6:15 p.m. • 8 views

CVE-2022-30241

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

CVSS 6.1 • EPSS 0.00441
Exploits 0 • References 2

Prion • added 2022/05/04 6:15 p.m. • 13 views

Input validation

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

CVSS 4.3 • AI score 6.2 • EPSS 0.00441
Exploits 0 • References 2 • Affected Software 1

CVE • added 2022/05/04 5:29 p.m. • 75 views

CVE-2022-30241

The CVE-2022-30241 entry concerns the jquery.json-viewer library for Node.js up to version 1.4.0, where improper escaping of characters (notably “

CVSS 6.1 • AI score 6.1 • EPSS 0.00441
Exploits 0 • References 2 • Affected Software 1