2424 matches found
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
An update is now available for Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
jquery: Cross-site scripting via cross-domain ajax requests
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute...
CVE-2014-8739
CVE-2014-8739 : Unrestricted file upload in the jQuery File Upload Plugin 6.4.4, used by Creative Solutions Sexy Contact Form (WordPress <= 1.0.0, Joomla! <= 2.0.1), allows remote attackers to upload a PHP file via UploadHandler.php and execute code by requesting the file in the installed f...
VulnCheck KEV: CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to...
Oracle Application Testing Suite Multiple Vulnerabilities (Jan 2020 CPU)
The version of Oracle Application Testing Suite installed on the remote host is affected by multiple vulnerabilities: - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Oracle Flow Builder Jython. Supported versions that are affected are...
AZL-44298 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
AZL-47271 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2015-9251)
Summary IBM Tivoli Netcool Impact has addressed the following jQuery vulnerability. Vulnerability Details CVEID: CVE-2015-9251 DESCRIPTION: jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing...
Security Bulletin: IBM Tivoli Netcool Impact is affected by a jQuery vulnerability (CVE-2019-11358)
Summary IBM Tivoli Netcool Impact has addressed the following jQuery vulnerability. Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an...
[R1] Nessus Network Monitor 5.11.0 Fixes Multiple Third-party Vulnerabilities
Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several third-party components (OpenSSL, jQuery and moment.js) were found to contain vulnerabilities, and updated versions have been made available by the providers...
Security Bulletin: Vulnerability in jQuery affects IBM Watson Studio Local
Summary Security Bulletin: Vulnerability in jQuery affects IBM Watson Studio Local Vulnerability Details CVEID: CVE-2019-11358 DESCRIPTION: jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an...
AntiDisposmail - Detecting Disposable Email Addresses
Antibot.pw provides a free, open API endpoint for checking a domain or email address against a frequently-updated list of disposable domains. CORS is enabled for all originating domains, so you can call the API directly from your client-side code. GET https://antibot.pw/api/[email protected]...
The vulnerability of the jQuery.extend function (true, {}, …) in the jQuery library allows an attacker to compromise the confidentiality and integrity of the protected information.
The vulnerability of the jQuery.extend function exists because measures to protect the structure of web pages are not taken. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality and integrity of the protected information...
Oracle Enterprise Manager Ops Center (Jan 2019 CPU)
The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in Enterprise Manager Base Platform component: - An unspecified vulnerability in the subcomponent Networking jQuery of Enterprise Manager Ops Center. Supported versions that...
CVE-2019-8121
CVE-2019-8121 affects Magento 2.x prior to the listed fixes: 2.1 before 2.1.19, 2.2 before 2.2.10, and 2.3 before 2.3.3. The issue arises from Magento’s codebase using outdated JS libraries (Bootstrap, jQuery, Knockout) with known vulnerabilities. The documented impact is high/critical, and remed...
Design/Logic Flaw
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js...
CVE-2015-9500
The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js...