2423 matches found
CVE-2010-5312
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...
PT-2014-2424 · Jquery +2 · Jquery Ui +2
Name of the Vulnerable Software and Affected Versions: jQuery UI versions prior to 1.10.0. Description: A cross-site scripting (XSS) issue exists in the default content option in jquery.ui.tooltip.js in the Tooltip widget. This allows remote attackers to inject arbitrary web script or HTML via the...
CVE-2010-5312
CVE-2010-5312 is a cross-site scripting (XSS) vulnerability in the jQuery UI Dialog widget (jquery.ui.dialog.js) where the title option for the dialog could be attacker-controlled to inject arbitrary script/HTML. It affects jQuery UI prior to 1.10.0. Public disclosures across Debian, Fedora, Red ...
PT-2014-2103 · Jquery +2 · Jquery Ui +2
Name of the Vulnerable Software and Affected Versions: jqueryui versions prior to 1.10.0; jqueryui version 1.8.ooops.21+dfsg-2+deb7u2; jqueryui version 1.10.1+dfsg-1. Description: A cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows...
SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop
SEC Consult Vulnerability Lab Security Advisory 20140710-0 ======================================================================= title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and below fixed...
ElfChat 5.2.0 Pro Cross Site Scripting
ElfChat 5.2.0 Pro Reinstall SCript EXploits =========================================== Author : indoushka Vendor : http://elfchat.ru/ Dork: 2011 Elfet - ElfChat 5.2.0 Pro ========================== XSS Reflected - Jquery 1.4.2 $function $'users'.eachfunction var select = $this; var option =...
Oscommerce 2.3.4 XSS / HPP / File Inclusion
Oscommerce2.3.4 multi Vulnerability 0-Day ========================================= Author : indoushka Vendor : http://www.oscommerce.com/ Dork : Powered by osCommerce ========================================= File inclusion : It seems that this script includes a file which name is determined usi...
Get Simple CMS 3.3.3 Information Disclosure / XSS
GetSimpleCMS3.3.3 multi Vulnerability ====================================== Author : indoushka Vendor : http://get-simple.info/ Dork: © 2009-2014 GetSimple CMS – Version 3.3.3 ================================================== info : http://127.0.0.1/GetSimpleCMS3/backups/users/admin.xml.bak...
Second jQuery Hack of Week Reported
Update: A day after a compromise of the jQuery website was disclosed, the open source JavaScript library is dealing with a second attack. jQuery Foundation board member Ralph Whitbeck confirmed via email to Threatpost that a new compromise was under way and the organization was taking steps to...
jQuery Official Website Compromised To Serve Malware
The official website of the popular cross-platform JavaScript library jQuery (jquery.com) has been compromised and is redirecting its visitors to a third-party website hosting the RIG exploit kit, in order to distribute information-stealing malware. jQuery is a free and open source JavaScript library...
jQuery.com Hacked, Redirecting to RIG Exploit Kit
Owners of websites built using the jQuery library are being warned of an attack against the toolkit’s website which is redirecting visitors to a third-party site hosting the RIG exploit kit. jQuery is a free and open source JavaScript library used for a number of things, including building AJAX...
Wordpress jQuery mOover Admin Bypass Vulnerability
An attacker can change configurations of this Wordpress-Slideshow Plugin without admin-rights. 3 Proof-Examples are enclosed. This is private exploit. You can buy it at https://0day.today...
JQuery 1.4.2 Cross Site Scripting Vulnerability
JQuery version 1.4.2 suffers from a create object option in runtime client-side cross site scripting vulnerability. XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side From: Mauro Risonho de Paula Assumpção Date: 02.09.2014 13:21:20 -0300 VSLA Security Advisory...
JQuery 1.4.2 Cross Site Scripting
XSS Reflected JQuery 1.4.2 - Create object option in runtime client-side From: Mauro Risonho de Paula Assumpção Date: 02.09.2014 13:21:20 -0300 VSLA Security Advisory FIRE-XSS-Reflected-Jquery 1.4.2 2014-001: XSS Reflected JQuery 1.4.2 LEVEL: MEDIUM In our tests authorized by the customer, we can...
DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS
Exploit Title: DomainTrader Domain Parking and Auction Script Multiple 0day Vulnerabilities Google Dork: Find yourself xD Date: 26/8/2014 Exploit Author: Haider Mahmood | @HaiderMQ Vendor Homepage: http://www.smartscriptsolutions.com/domain-trader/ Version: Tested on Latest Version 2.5.3 Add new...
Superfish 7.x-1.9 Cross Site Scripting
Superfish 7.x-1.9 Cross Site Scripting Vulnerability ==================================================== Author: Ubani A Balogun Reported: June 25, 2014 Product Description: - -------------------- Superfish integrates jQuery Superfish plugin with you...
HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php Multiple Parameter Stored XSS Weakness
The HTML5 jQuery Audio Player WordPress plugin was affected by a playlist/add_playlist.php Multiple Parameter Stored XSS Weakness security vulnerability...
HTML5 jQuery Audio Player 2.3 - playlist/add_playlist.php id Parameter SQL Injection
The HTML5 jQuery Audio Player WordPress plugin was affected by a playlist/add_playlist.php id Parameter SQL Injection security vulnerability...