
2402 matches found

RedhatCVE
added 2025/05/22 8:53 p.m., 1 view

CVE-2021-37504

A cross-site scripting XSS vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name...

6.1 CVSS, 6.5 AI score, 0.00717 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 7:6 p.m., 2 views

CVE-2021-20084

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype...

8.8 CVSS, 6.8 AI score, 0.004 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 7:5 p.m., 4 views

CVE-2021-20086

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype...

8.8 CVSS, 6.7 AI score, 0.49565 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 7:5 p.m., 6 views

CVE-2021-20087

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution' in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype...

8.8 CVSS, 6.7 AI score, 0.00828 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 6:34 p.m., 4 views

CVE-2021-24543

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue...

6.1 CVSS, 6.1 AI score, 0.00108 EPSS
Exploits 2, References 1

RedhatCVE
added 2025/05/22 5:6 p.m., 4 views

CVE-2020-26629

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server...

9.8 CVSS, 6.9 AI score, 0.00973 EPSS
Exploits 3

RedhatCVE
added 2025/05/22 4:46 p.m., 4 views

CVE-2020-6978

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...

7.2 CVSS, 6.9 AI score, 0.00149 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 7:48 a.m., 5 views

CVE-2019-13488

A cross-site scripting XSS vulnerability in static/js/trape.js in Trape through 2019-05-08 allows remote attackers to inject arbitrary web script or HTML via the country, query, or refer parameter to the /register URI, because the jQuery prepend method is used...

6.1 CVSS, 5.7 AI score, 0.0025 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 7:42 a.m., 4 views

CVE-2019-1010113

Premium Software CLEditor 1.4.5 and earlier is affected by: Cross Site Scripting XSS. The impact is: An attacker might be able to inject arbitrary html and script code into the web site. The component is: jQuery plug-in. The attack vector is: the victim must open a crafted href attribute of a lin...

6.1 CVSS, 6.5 AI score, 0.0024 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 5:47 a.m., 5 views

CVE-2015-9478

prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS...

6.1 CVSS, 7 AI score, 0.00223 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/05/22 5:21 a.m., 2 views

CVE-2017-1000234

I, Librarian version =4.6 & 4.7 is vulnerable to Directory Enumeration in the jqueryFileTree.php resulting in attacker enumerating directories simply by navigating through the "dir" parameter...

5.3 CVSS, 6.9 AI score, 0.00232 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/05/22 2:26 a.m., 5 views

CVE-2015-9500

The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js...

6.1 CVSS, 6 AI score, 0.00259 EPSS
Exploits 2, References 1

OSV
added 2025/05/17 12:0 a.m., 2 views

OPENSUSE-SU-2025:15117-1 ruby3.4-rubygem-jquery-rails-4.6.0-1.7 on GA media

These are all security issues fixed in the ruby3.4-rubygem-jquery-rails-4.6.0-1.7 package on the GA media of openSUSE Tumbleweed...

5 CVSS, 6.8 AI score, 0.00242 EPSS
Exploits 1, References 2

IBM Security Bulletins
added 2025/05/16 7:26 p.m., 28 views

Security Bulletin: Vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform might affect IBM Storage Defender Copy Data Management.

Summary IBM Storage Defender Copy Data Management can be affected by vulnerabilities in jQuery, Moment, Jackson-mapper-asl and Red Hat JBoss Enterprise Application Platform. Vulnerabilities include an attacker or a remote attacker could use or exploit these vulnerabilities to steal the victim's...

9.8 CVSS, 10 AI score, 0.3466 EPSS
Exploits 24, Affected Software 1

RedHat Linux
added 2025/05/14 5:51 p.m., 1 view

jquery: Cross-site scripting

A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the...

7.5 AI score
Exploits 5, References 4

RedhatCVE
added 2025/05/14 6:12 a.m., 9 views

CVE-2025-3597

The Firelight Lightbox WordPress plugin before 2.3.15 does not prevent users with post writing capabilities from executing arbitrary Javascript when the jQuery Metadata library is enabled. While this feature is meant to only be available to Pro version users, it can be activated in the free versi...

5.9 CVSS, 6.9 AI score, 0.00184 EPSS
Exploits 1, References 1

Tenable Nessus
added 2025/05/14 12:0 a.m., 20 views

Alibaba Cloud Linux 3 : 0037: pki-core:10.6 (ALINUX3-SA-2021:0037)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2021:0037 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-11023: In jQuery versions greater...

9.8 CVSS, 8.2 AI score, 0.94469 EPSS
Exploits 53, References 7

Tenable Nessus
added 2025/05/14 12:0 a.m., 8 views

Alibaba Cloud Linux 3 : 0032: gcc-toolset-13-gcc (ALINUX3-SA-2025:0032)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0032 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-11023: In jQuery versions greater than or...

6.9 CVSS, 6.9 AI score, 0.3466 EPSS
Exploits 6, References 2

Tenable Nessus
added 2025/05/14 12:0 a.m., 4 views

Alibaba Cloud Linux 3 : 0031: tbb (ALINUX3-SA-2025:0031)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0031 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-11023: In jQuery versions greater than or...

6.9 CVSS, 6.9 AI score, 0.3466 EPSS
Exploits 6, References 2

Tenable Nessus
added 2025/05/14 12:0 a.m., 7 views

Alibaba Cloud Linux 3 : 0030: doxygen (ALINUX3-SA-2025:0030)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2025:0030 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2020-11023: In jQuery versions greater than or...

6.9 CVSS, 6.9 AI score, 0.3466 EPSS
Exploits 6, References 2