📄 jQuery 3.3.1 Cross Site Scripting

jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.

Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0. Vulnerability Details CVEID:CVE-2023-51079 DESCRIPTION: MVEL is vulnerable to a denial of service, caused by a TimeOut error...

gifplayer 跨站脚本漏洞

gifplayer is a customizable jquery plugin by Ruben Torres, a personal developer. A cross-site scripting vulnerability exists in gifplayer versions prior to 0.3.7 that stems from cross-site scripting...

CVE-2025-30560

Cross-Site Request Forgery CSRF vulnerability in Sana Ullah jQuery Dropdown Menu jquery-drop-down-menu-plugin allows Stored XSS.This issue affects jQuery Dropdown Menu: from n/a through = 3.0...

Multiple vulnerabilities in PowerCMS

Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 - CVE-2025-29993 Dependency on vulnerable third-party component CWE-1395 - CVE-2021-21252 Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN...

Security Bulletin: Multiple security vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Summary jQuery is used by IBM Robotic Process Automation for Cloud Pak as part of Abbyy CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2020-23064. Kubernetes kube-apiserver is used by IBM Robotic Process Automation for Cloud Pak as part of the operator CVE-2020-8552. Go Go-Yam...

CVE-2025-30560

Cross-Site Request Forgery CSRF vulnerability in Sana Ullah jQuery Dropdown Menu jquery-drop-down-menu-plugin allows Stored XSS.This issue affects jQuery Dropdown Menu: from n/a through = 3.0...

CVE-2025-30560

CVE-2025-30560 is a CSRF-to-Stored XSS vulnerability in the WordPress plugin jQuery Dropdown Menu (versions up to 3.0, affected from n/a through 3.0). The CVSS 3.1 score is 7.1 (High) with network attack vector, low attack complexity, no privileges required, but requires user interaction, and it ...

CVE-2025-30560 WordPress jQuery Dropdown Menu plugin <= 3.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in Sana Ullah jQuery Dropdown Menu jquery-drop-down-menu-plugin allows Stored XSS.This issue affects jQuery Dropdown Menu: from n/a through = 3.0...

WordPress plugin jQuery Dropdown Menu 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

RLSA-2025:1309 Moderate: gcc-toolset-13-gcc security update

The gcc-toolset-13-gcc13 package contains the GNU Compiler Collection version 13. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

tbb security update

An update is available for tbb. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Threading Building Blocks TBB is a C++ runtime library that abstracts the low-lev...

RLSA-2025:1300 Moderate: gcc-toolset-14-gcc security update

The gcc-toolset-14-gcc13 package contains the GNU Compiler Collection version 14. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

RLSA-2025:1346 Moderate: gcc security update

The gcc packages provide compilers for C, C++, Java, Fortran, Objective C, and Ada 95 GNU, as well as related support libraries. Security Fixes: jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 For more details about the security issues, including...

K000150406: jQuery vulnerability CVE-2007-2379

Security Advisory Description The jQuery framework exchanges data using JavaScript Object Notation JSON without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and...

CVE-2025-28861

Cross-Site Request Forgery CSRF vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through = 0.1.0...

CVE-2025-28861

Cross-Site Request Forgery CSRF vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through = 0.1.0...

CVE-2025-28861 WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through = 0.1.0...

CVE-2025-28861

CVE-2025-28861 is a CSRF-to-stored XSS vulnerability in the WordPress plugin WP jQuery Persian Datepicker (versions

CVE-2025-28861 WordPress WP jQuery Persian Datepicker plugin <= 0.1.0 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through = 0.1.0...