jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

Moderate: Red Hat Security Advisory: python-XStatic-jQuery security update

An update for python-XStatic-jQuery is now available for Red Hat OpenStack Platform 15 Stein. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...

UBUNTU-CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets CSS classes which can affect what content is shown or hidden in the user interface to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...

Security Bulletin: Vulnerability in jQuery affects IBM Tririga Application Platform (CVE-2019-11358)

Summary jQuery used by IBM Tririga Application Platform is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the...

JQuery < 1.9.0 XSS

According to the self-reported version in the script, the version of JQuery hosted on the remote web server is prior to 1.9.0. It is, therefore, affected by a cross site scripting vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid135011; scriptversion"1.3...

js-jquery: XSS in responses from cross-origin ajax requests

REJECTED CVE This CVE has been rejected. This candidate is a duplicate of CVE-2015-9251. Note: All CVE users should reference CVE-2015-9251 instead of this candidate...

Important: Red Hat Security Advisory: Red Hat Fuse 7.6.0 security update

A minor version update from 7.5 to 7.6 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

CVE-2020-6978

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...

CVE-2020-6978

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...

Design/Logic Flaw

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...

CVE-2020-6978

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...

CVE-2020-6978

CVE-2020-6978 affects Honeywell WIN-PAK Web (and prior) versions, caused by using obsolete jQuery libraries. The Red Hat/NVD/CRON-derived records align on a Web front-end flaw enabling remote code execution under certain conditions, with CVSSv3 base score 7.2 (HIGH) and vector AV:N/AC:L/PR:N/UI:N...

AZL-44115 CVE-2020-7598 affecting package js-jquery 3.5.0-4

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "proto" payload...

GHSA-3HW5-Q855-G6CW Prototype Pollution in Dojox

The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype Pollution. Affected Area: //https://github.com/dojo/dojox/blob/master/jq.jsL442 var tobj = ; forvar x in props // the "tobj" condition avoid copying properties in "props" // inherited from Object.prototype. For example, if obj...

Prototype Pollution in Dojox

The Dojox jQuery wrapper jqMix mixin method is vulnerable to Prototype Pollution. Affected Area: //https://github.com/dojo/dojox/blob/master/jq.jsL442 var tobj = ; forvar x in props // the "tobj" condition avoid copying properties in "props" // inherited from Object.prototype. For example, if obj...

Creative Contact Form 4.6.2 Directory Traversal Vulnerability

Creative Contact Form version 4.6.2 before Dec 03 2019 suffers from a directory traversal vulnerability. Directory Traversal in Creative Contact Form Overview Identifier: AIT-SA-20200301-01 Target: Creative Contact Form for Joomla Vendor: Creative Solutions Version: 4.6.2 before Dec 03 2019 CVE:...

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

GitLab: Stored XSS in blob viewer

Summary I found a Stored-XSS in blob viewer when viewing a json file. In particular, when viewing an openapi file, openapiviewer is called to transfer the file's data to SwaggerUIBundle to render. SwaggerUIBundle does its job when rending graphical representation of the openapi's content. It also...

[SECURITY] [DLA 2118-1] otrs2 security update

Package : otrs2 Version : 3.3.18-1+deb8u14 CVE ID : CVE-2019-11358 Debian Bug : 927385 It was discovered that the jQuery version embedded in OTRS, a ticket request system, was prone to a cross site scripting vulnerability in jQuery.extend. For Debian 8 "Jessie", this problem has been fixed in...