USN-7622-1 jquery vulnerabilities

It was discovered that jQuery did not correctly handle HTML tags. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 14.04 LTS. CVE-2012-6708 It was discovered that jQuery did not correctly handle unsanitized source objects due ...

USN-7622-1: jQuery vulnerabilities

It was discovered that jQuery did not correctly handle HTML tags. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. This issue only affected Ubuntu 14.04 LTS. CVE-2012-6708 It was discovered that jQuery did not correctly handle unsanitized source objects due ...

Progress多款产品 跨站脚本漏洞

Progress Telerik UI for ASP.NET Core and others are products of Progress, Inc.Progress Telerik UI for ASP.NET Core is a set of UI component libraries for building cross-platform responsive web applications.Progress Telerik UI for Progress Telerik UI for ASP.NET MVC is a library of UI components f...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.101060)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.101060 advisory. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from...

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.1)

The version of AHV installed on the remote host is prior to AHV-10.0.1.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.1 advisory. - libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and...

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat By Trellix · June 18, 2025 This blog was also written by Trishaan Kalra Introduction What happens when a trusted open source library becomes a conduit for stealthy malware delivery? That question became reality when the...

TencentOS Server 2: pcs (TSSA-2022:0280)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2022:0280 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities...

TencentOS Server 2: doxygen (TSSA-2025:0155)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0155 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 3: tbb (TSSA-2025:0191)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0191 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVE-2025-49468 Joomla Extension - nobossextensions.com - SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla

A SQL injection vulnerability in No Boss Calendar component before 5.0.7 for Joomla was discovered. The vulnerability allows remote authenticated users to execute arbitrary SQL commands via the idmodule parameter...

CVE-2025-22798

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CHR Designer Responsive jQuery Slider responsive-jquery-slider allows Stored XSS.This issue affects Responsive jQuery Slider: from n/a through = 1.1.1...

CVE-2025-22546

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Obaid Hossain jQuery TwentyTwenty js-twentytwenty allows Stored XSS.This issue affects jQuery TwentyTwenty: from n/a through = 1.0...

CVE-2024-24849

Cross-Site Request Forgery CSRF vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1...

CVE-2024-56287

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AppJetty WP jQuery DataTable wp-jquery-datatable allows Stored XSS.This issue affects WP jQuery DataTable: from n/a through = 4.0.1...

CVE-2024-4783

The jQuery T- Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-5432

The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2023-5113

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI...

CVE-2023-5430

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

Malicious code in jquery.currencies (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2e84dbc5236755b427f757bbfee2cc19e5bcaa36be99d85cbe488921ecc812f5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2021-43862

jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting XSS vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code...