2407 matches found

OSV
added 2022/04/12 9:15 p.m. | 2 views

AZL-45141 CVE-2022-0436 affecting package js-jquery 3.5.0-4

Path Traversal in GitHub repository gruntjs/grunt prior to 1.5.2...

CVSS 5.5 | AI score 7.2 | EPSS 0.00099
Exploits 1 | References 1
Huntr
added 2022/04/11 8:0 p.m. | 37 views

stored xss due to unsanitized anchor url

BUG ====== stored xss due to unsanitized anchor url SUMMARY ========= using fullpage.js you can create an anchor tag. But when put href in anchor then it does not sanitize the url which allow to break context of anchor element and can add our new element. I see main javascript or other javascript...

CVSS 3.5 | AI score 5.9 | EPSS 0.00342
Exploits 1
Huntr
added 2022/04/07 2:42 p.m. | 46 views

Bootstrap Tables XSS vulnerability with Table Export plug-in when exportOptions: htmlContent is true

Description Hello and thank you for the wonderful library! We use it extensively in our app. However, I think we've identified an XSS vulnerability in the Export plug-in. If you set the exportOptions in your Bootstrap Table to true, then you can force arbitrary Javascript to execute see the...

CVSS 3.5 | AI score 0.6 | EPSS 0.00337
Exploits 1 | References 1
OSV
added 2022/03/17 4:15 p.m. | 2 views

AZL-44583 CVE-2021-44906 affecting package js-jquery 3.5.0-4

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey lines 69-95...

CVSS 9.8 | AI score 6.9 | EPSS 0.00789
Exploits 1 | References 1
NVD
added 2022/03/16 1:15 a.m. | 14 views

CVE-2021-43956

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability...

CVSS 6.1 | EPSS 0.00368
Exploits 0 | References 2
OSV
added 2022/03/16 1:15 a.m. | 1 views

CVE-2021-43956

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability...

CVSS 6.1 | AI score 6.5 | EPSS 0.00368
Exploits 0 | References 2
Prion
added 2022/03/16 1:15 a.m. | 20 views

Code injection

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability...

CVSS 4.3 | AI score 6.2 | EPSS 0.00368
Exploits 0 | References 2 | Affected Software 2
Cvelist
added 2022/03/16 12:55 a.m. | 19 views

CVE-2021-43956

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability...

AI score 6.3 | EPSS 0.00368
Exploits 0 | References 2
CVE
added 2022/03/16 12:55 a.m. | 158 views

CVE-2021-43956

CVE-2021-43956 affects Atlassian Fisheye and Crucible prior to 4.8.9 due to a prototype-pollution flaw in the jQuery deserialize library. The root cause is the vulnerability’s ability to inject arbitrary HTML and/or JavaScript via deserialization, enabling remote attackers to exploit affected dep...

CVSS 6.1 | AI score 6.1 | EPSS 0.00368
Exploits 0 | References 2 | Affected Software 2
Vulnrichment
added 2022/03/16 12:55 a.m. | 14 views

CVE-2021-43956

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability...

AI score 6.7 | EPSS 0.00368
Exploits 0 | References 2
CNVD
added 2022/03/16 12:0 a.m. | 15 views

CuppaCMS Remote Code Execution Vulnerability (CNVD-2022-22311)

CuppaCMS is a content management system and the vulnerability exploits the component /jqueryfileupload/server/php/index.php to allow attackers to upload arbitrary files. A remote code execution vulnerability exists in CuppaCMS, which allows attackers to execute arbitrary code via a carefully craft...

CVSS 9.8 | AI score 8 | EPSS 0.01056
Exploits 1 | References 1
Hacker One
added 2022/03/15 5:22 p.m. | 32 views

OneWeb: Cross-site scripting (DOM-based)

Issue detail The application may be vulnerable to DOM-based cross-site scripting. Data is read from window.location.hash and passed to $. The exploitability of this issue might depend on the specific version of jQuery that is being used. Issue background DOM-based vulnerabilities arise when a...

AI score 6.4
Exploits 0
CNNVD
added 2022/03/15 12:0 a.m. | 1 views

CuppaCMS Code Issue Vulnerability

CuppaCMS is a content management system and the vulnerability exploits the component /jqueryfileupload/server/php/index.php to allow attackers to upload arbitrary files. A remote code execution vulnerability exists in CuppaCMS, which allows attackers to execute arbitrary code via a carefully craft...

CVSS 9.8 | AI score 6.8 | EPSS 0.01056
Exploits 1 | References 2
0day.today
added 2022/03/15 12:0 a.m. | 1031 views

WordPress Core 5.9.0 / 5.9.1 Cross Site Scripting Vulnerability

Contributor+ Stored Cross Site Scripting Vulnerability Description: Contributor+ Stored XSS Affected Versions: WordPress Core 5.9.0-5.9.1 CVE ID: Pending CVSS Score: 8.0 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Fully Patched Version: 5.9.2 Researcher/s: Ben Bidner WordPress...

CVSS 8.8 | AI score 8.8 | EPSS 0.07286
Exploits 2
OpenVAS
added 2022/03/14 12:0 a.m. | 29 views

WordPress Multiple Vulnerabilities (Mar 2022) - Windows

WordPress is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVSS 8.8 | AI score 8.8 | EPSS 0.07286
Exploits 2 | References 3
Check Point Advisories
added 2022/03/14 12:0 a.m. | 14 views

jQuery UI Datepicker Widget Cross Site Scripting (CVE-2021-41182; CVE-2021-41183)

A cross site scripting vulnerability exists in the jQuery UI Datepicker widget. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...

CVSS 4.3 | AI score 4.6 | EPSS 0.22267
Exploits 2
IBM Security Bulletins
added 2022/03/12 1:53 a.m. | 55 views

Security Bulletin: Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery affect IBM Spectrum Copy Data Management

Summary Vulnerabilities in Polkit, PostgreSQL, OpenSSL, OpenSSH, and jQuery can affect IBM Spectrum Copy Data Management. Vulnerabilities include elevated privileges, SQL injection, obtaining sensitive information, cross-site scripting, and man-in-the-middle attacks. Vulnerability Details CVEID:...

CVSS 8.1 | AI score 8 | EPSS 0.88057
Exploits 155 | Affected Software 1
WPVulnDB
added 2022/03/11 12:0 a.m. | 92 views

WordPress < 5.9.2 - Prototype Pollution in jQuery

Description The jQuery library used in WordPress is affected by a Prototype Pollution issue...

AI score 7.1
Exploits 0 | References 1
FreeBSD
added 2022/03/11 12:0 a.m. | 7 views

wordpress -- multiple issues

wordpress developers reports: This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. The security team would li...

AI score 2.3
Exploits 0 | References 1
Atlassian
added 2022/03/07 8:15 a.m. | 50 views

CVE-2021-43956: Javascript Prototype Pollution in the jQuery deserialize library

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. Affected versions: version < 4.8.9 Fixed versions: 4.8.9...

CVSS 6.1 | AI score 6.1 | EPSS 0.00368
Exploits 0