2424 matches found

CVE
added 2022/02/25 6:15 p.m. · 82 views

CVE-2021-37504

CVE-2021-37504 concerns an XSS in the fileNameStr parameter of the jQuery-Upload-File library (v4.0.11). Multiple connected sources corroborate that a crafted file name containing a Javascript payload can cause arbitrary web script execution. The root cause is the unsanitized fileNameStr input; e...

6.1 CVSS · 5.9 AI score · 0.00717 EPSS
Exploits 0 · References 7 · Affected Software 1

Cvelist
added 2022/02/25 6:15 p.m. · 15 views

CVE-2021-37504

A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name...

6 AI score · 0.00717 EPSS
Exploits 0 · References 7

Positive Technologies
added 2022/02/25 12:00 a.m. · 12 views

PT-2022-10654 · Unknown · Jquery File Upload

Name of the Vulnerable Software and Affected Versions: jQuery-Upload-File version 4.0.11. Description: A cross-site scripting (XSS) issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript paylo...

6.1 CVSS · 6.1 AI score · 0.00717 EPSS
Exploits 0 · References 11

CNNVD
added 2022/02/25 12:00 a.m. · 3 views

Hayageek Jquery Upload File cross-site scripting vulnerability

Hayageek Jquery Upload File is a jQuery-based file upload plugin by the individual developer Hayageek. Hayageek Jquery Upload File v4.0.11 contains a cross-site scripting vulnerability that could be exploited by attackers to execute arbitrary web script or HTML via a specially crafted file with a...

6.1 CVSS · 5.5 AI score · 0.00717 EPSS
Exploits 0 · References 9

OSV
added 2022/02/16 10:15 p.m. · 1 view

CVE-2022-24984

Forms generated by JQueryForm.com before 2022-02-05 if file-upload capability is enabled allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content...

9.8 CVSS · 7.4 AI score · 0.02427 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2022/02/16 10:15 p.m. · 2 views

CVE-2022-24984

Forms generated by JQueryForm.com before 2022-02-05 if file-upload capability is enabled allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content...

9.8 CVSS · 6.2 AI score · 0.02427 EPSS
Exploits 0 · References 4

ATTACKERKB
added 2022/02/16 10:15 p.m. · 4 views

CVE-2022-24982

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...

6.5 CVSS · 5.8 AI score · 0.00257 EPSS
Exploits 0 · References 4

OSV
added 2022/02/16 10:15 p.m. · 1 view

CVE-2022-24982

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to access the cleartext credentials of all other form users. admin.php contains a hidden base64-encoded string with these credentials...

6.5 CVSS · 5.9 AI score · 0.00257 EPSS
Exploits 0 · References 3

OSV
added 2022/02/16 10:15 p.m. · 1 view

CVE-2022-24983

Forms generated by JQueryForm.com before 2022-02-05 allow remote attackers to obtain the URI to any uploaded file by capturing the POST response. When chained with CVE-2022-24984, this could lead to unauthenticated remote code execution on the underlying web server. This occurs because the Unique...

7.5 CVSS · 7.8 AI score
Exploits 0 · References 3

CNNVD
added 2022/02/16 12:00 a.m. · 2 views

JqueryForm.com Jquery Form Builder security vulnerability

JqueryForm.com Jquery Form Builder is a form builder from JqueryForm.com, Inc. A code issue vulnerability exists in the JqueryForm.com Jquery Form Builder that stems from JqueryForm.com forms generated prior to 2022-02-05 if file upload functionality is enabled that allows a remote, unauthenticat...

9.8 CVSS · 8.2 AI score · 0.02427 EPSS
Exploits 0 · References 4

CNNVD
added 2022/02/16 12:00 a.m. · 2 views

JqueryForm.com Jquery Form Builder security vulnerability

JqueryForm.com Jquery Form Builder is a form builder from JqueryForm.com, Inc. An information disclosure vulnerability exists in the JqueryForm.com Jquery Form Builder, which stems from forms generated by JQueryForm.com prior to February 5, 2022 that allow a remote authenticated attacker to acces...

6.5 CVSS · 6.6 AI score · 0.00257 EPSS
Exploits 0 · References 5

CNNVD
added 2022/02/16 12:00 a.m. · 2 views

JqueryForm.com Jquery Form Builder cross-site scripting vulnerability

JqueryForm.com Jquery Form Builder is a form builder from JqueryForm.com, Inc. JqueryForm.com Jquery Form Builder suffers from a cross-site scripting vulnerability that stems from a Reflected Cross-Site Scripting (XSS) vulnerability in forms generated by JQueryForm.com prior to February 5, 2022 tha...

6.1 CVSS · 6.1 AI score · 0.00445 EPSS
Exploits 0 · References 5

CNNVD
added 2022/02/16 12:00 a.m. · 2 views

JqueryForm.com Jquery Form Builder security vulnerability

JqueryForm.com Jquery Form Builder is a form builder from JqueryForm.com, Inc. A security vulnerability exists in Jquery Form Builder that stems from a generated form that allows a remote, authenticated attacker to bypass authentication and access the administrative portion of other forms hosted ...

8.8 CVSS · 8 AI score · 0.00703 EPSS
Exploits 0 · References 5

Positive Technologies
added 2022/02/16 12:00 a.m. · 3 views

PT-2022-17032 · Unknown · Jqueryform

Name of the Vulnerable Software and Affected Versions: JQueryForm.com versions prior to 2022-02-05. Description: The issue allows a remote authenticated attacker to bypass authentication and access the administrative section of other forms hosted on the same web server. This is particularly releva...

8.8 CVSS · 8.6 AI score · 0.00703 EPSS
Exploits 0 · References 5

Snyk
added 2022/02/09 1:45 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: toastr is a JavaScript library for non-blocking notifications. jQuery is required. The goal is to create a simple core library that can be customized and extended. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the missing sanitization of message and...

7.5 CVSS · 5.2 AI score
Exploits 0 · References 2

OSV
added 2022/02/09 11:15 a.m. · 2 views

AZL-45156 CVE-2022-0536 affecting package js-jquery 3.5.0-4

Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8...

5.9 CVSS · 6.7 AI score · 0.00069 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2022/02/09 12:00 a.m. · 266 views

AlmaLinux 8 : pcs (ALSA-2021:4142)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2021:4142 advisory. - jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove HTML tags that contain a...

6.9 CVSS · 6.8 AI score · 0.3466 EPSS
Exploits 9 · References 3

wpexploit
added 2022/01/31 12:00 a.m. · 672 views

Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF

The plugin does not have CSRF check in the lswsssaveattachmentdata AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media. jQuery.postajaxurl, action: "lswsssaveattachmentdata", attachmentid: 564, formdata:...

4.3 CVSS · 3.3 AI score · 0.00103 EPSS
Exploits 2 · References 1

NCSC
added 2022/01/21 12:00 a.m. · 2 views

Vulnerabilities fixed in Drupal core

Drupal developers have fixed vulnerabilities in Drupal core. The vulnerabilities are in jQuery UI. It is possible that this security vulnerability could be exploited with some Drupal modules and could result in a Cross-Site Scripting (XSS) vulnerability. Drupal developers have released updates to f...

6.5 CVSS · 6.9 AI score · 0.22267 EPSS
Exploits 4

OpenVAS
added 2022/01/20 12:00 a.m. · 22 views

Drupal 8.x, 9.x < 9.2.11, 9.3.x < 9.3.3 XSS Vulnerability (SA-CORE-2022-001) - Linux

Drupal is prone to a cross-site scripting (XSS) vulnerability in jQuery UI. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...

6.5 CVSS · 6.3 AI score · 0.03097 EPSS
Exploits 1 · References 1