
2424 matches found

CVE
added 2021/10/26 12:0 a.m. · 765 views

CVE-2021-41182

CVE-2021-41182 is an XSS in the jQuery-UI Datepicker altField path (embedded in some OTRS deployments). The affected version was observed as a 1.12.1 copy; the issue is fixed in jQuery UI 1.13.0 by treating any altField value as a CSS selector. Debris from related CVEs (41183/41184) describes similar issues...

6.5 CVSS · 6.4 AI score · 0.22267 EPSS
Exploits 1 · References 16 · Affected Software 1

AlpineLinux
added 2021/10/26 12:0 a.m. · 52 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.5 CVSS · 6.7 AI score · 0.03097 EPSS
Exploits 1

Cvelist
added 2021/10/26 12:0 a.m. · 42 views

CVE-2021-41183 XSS in `*Text` options of the Datepicker widget

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.5 CVSS · 6.7 AI score · 0.03097 EPSS
Exploits 1 · References 18

CVE
added 2021/10/26 12:0 a.m. · 587 views

CVE-2021-41183

CVE-2021-41183 concerns jQuery-UI’s Datepicker in the embedded jQuery-UI copy used by OTRS (notably in the 1.12.1 series). The vulnerability arises from accepting values for the various *Text options from untrusted sources, which could allow execution of untrusted code. The issue is fixed in jQue...

6.5 CVSS · 6.5 AI score · 0.03097 EPSS
Exploits 1 · References 18 · Affected Software 1

Debian CVE
added 2021/10/26 12:0 a.m. · 26 views

CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS...

6.5 CVSS · 6.1 AI score · 0.31104 EPSS
Exploits 2

CNNVD
added 2021/10/26 12:0 a.m. · 1 views

jQuery cross-site scripting vulnerability

jQuery is an open-source, cross-browser JavaScript library developed by individual developer John Resig of the United States. The library simplifies interaction between HTML and JavaScript and offers modularity, plug-in extensions and other features. A cross-site scripting vulnerability exists in...

6.5 CVSS · 7.3 AI score · 0.22267 EPSS
Exploits 1 · References 43

CNNVD
added 2021/10/26 12:0 a.m. · 2 views

jQuery cross-site scripting vulnerability

jQuery is an open-source, cross-browser JavaScript library developed by individual developer John Resig of the United States. The library simplifies interaction between HTML and JavaScript and offers modularity, plug-in extensions and other features. A cross-site scripting vulnerability exists in...

6.5 CVSS · 7 AI score · 0.03097 EPSS
Exploits 1 · References 42

CNNVD
added 2021/10/26 12:0 a.m. · 1 views

Openjs Jquery Ui cross-site scripting vulnerability

Openjs Jquery Ui is a code library from the Openjs Foundation for creating interactive user interfaces based on the Javascript language. A cross-site scripting vulnerability exists in Openjs Jquery Ui versions prior to 1.13.0, which allows an attacker to execute arbitrary code via the value of th...

6.5 CVSS · 7.4 AI score · 0.31104 EPSS
Exploits 2 · References 44

CVE
added 2021/10/26 12:0 a.m. · 833 views

CVE-2021-41184

CVE-2021-41184 describes an XSS in jQuery-UI before 1.13.0 where untrusted input passed to the `of` option of the `.position()` utility could lead to code execution. The connected documents confirm the issue affects jQuery-UI embedded in other software (e.g., OTRS/IU contexts) and state the fix is to...

6.5 CVSS · 6.5 AI score · 0.31104 EPSS
Exploits 2 · References 15 · Affected Software 1

Debian CVE
added 2021/10/26 12:0 a.m. · 32 views

CVE-2021-41183

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...

6.5 CVSS · 5.9 AI score · 0.03097 EPSS
Exploits 1

NVD
added 2021/10/25 2:15 p.m. · 11 views

CVE-2021-24543

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue...

6.1 CVSS · 0.00108 EPSS
Exploits 2 · References 1

Prion
added 2021/10/25 2:15 p.m. · 13 views

Cross site scripting

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue...

4.3 CVSS · 6 AI score · 0.00108 EPSS
Exploits 2 · References 1 · Affected Software 1

Cvelist
added 2021/10/25 1:20 p.m. · 15 views

CVE-2021-24543 jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue...

6.2 AI score · 0.00108 EPSS
Exploits 2 · References 1

CVE
added 2021/10/25 1:20 p.m. · 50 views

CVE-2021-24543

CVE-2021-24543 corresponds to the WordPress plugin jQuery Reply to Comment (versions

6.1 CVSS · 6 AI score · 0.00108 EPSS
Exploits 2 · References 1 · Affected Software 1

Positive Technologies
added 2021/10/25 12:0 a.m. · 2 views

PT-2021-16063 · WordPress · Jquery Reply To Comment

Name of the Vulnerable Software and Affected Versions: jQuery Reply to Comment WordPress plugin versions 1.31 and earlier Description: The issue concerns a Stored Cross-Site Scripting problem. It arises because the plugin lacks a CSRF check when saving its settings and does not properly sanitise ...

6.1 CVSS · 5.9 AI score · 0.00108 EPSS
Exploits 2 · References 3

Tenable Nessus
added 2021/10/25 12:0 a.m. · 58 views

Out-of-Date JQuery Detected

An out-of-date version of JQuery has been detected. An outdated version could have vulnerabilities or missing security features. No source data...

7.6 AI score
Exploits 0 · References 3

Tenable Nessus
added 2021/10/22 12:0 a.m. · 88 views

Oracle GoldenGate (Oct 2021 CPU)

The All Supported Versions versions of GoldenGate installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in Oracle GoldenGate component: Install Dell BSAFE Crypto-J. The supported version that is affected is Prior to...

8.2 CVSS · 7 AI score · 0.34098 EPSS
Exploits 21 · References 15

GithubExploit
added 2021/10/16 1:10 a.m. · 189 views

Exploit for Cross-site Scripting in Jquery

CVE-2020-11022 CVE-2020-11023 In jQuery versions greater th...

6.9 CVSS · 6.7 AI score · 0.34098 EPSS
Exploits 11

PyPA
added 2021/10/14 4:15 p.m. · 3 views

PYSEC-2021-372

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of jQuery.html, there are a whole host of cross-site scripting possibilities with...

9.8 CVSS · 6 AI score · 0.00558 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2021/10/14 3:45 p.m. · 76 views

CVE-2021-41132

OMERO.web (web client/infrastructure) is vulnerable in versions before 5.11.0 due to improper HTML escaping in multiple templates and the use of jQuery.html(), enabling cross-site scripting (XSS) with crafted input. The issue affects OMERO.web before 5.11.0 (and related components per advisories)...

9.8 CVSS · 6.1 AI score · 0.00558 EPSS
Exploits 0 · References 3 · Affected Software 2