2402 matches found
AZL-52548 CVE-2024-21538 affecting package js-jquery 3.5.0-4
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well-crafted string...
AZL-52587 CVE-2024-21538 affecting package js-jquery 3.5.0-4
Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by crafting a very large and well-crafted string...
RHEL 7 : python-XStatic-jquery-ui (RHSA-2017:0161)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2017:0161 advisory. jQuery UI is a set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript library. Security Fixes: It was...
JQuery UI 1.13.1 XSS
The version of JQuery UI library hosted on the remote web server is prior to 1.13.1. It is, therefore, affected by a cross-site scripting vulnerability in the JQuery UI that allows remote attackers to obtain sensitive information and execute arbitrary code by injecting a crafted payload into the...
SUSE CVE-2024-30875
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, a...
CVE-2024-30875
A Cross-site scripting (XSS) vulnerability was found in the jquery-ui library. If a user visits a malicious website, a remote attacker may be able to obtain sensitive information and execute arbitrary code via a specially crafted payload to the window.addEventListener component. Mitigation Mitigati...
CVE-2024-30875
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, a...
CVE-2024-30875
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component...
jQuery UI Security Vulnerability
jQuery UI is an open source, carefully curated set of user interface interactions, effects, widgets and themes built on jQuery. A security vulnerability exists in jQuery UI version v.1.13.1, which stems from the presence of a cross-site scripting vulnerability that allows remote attackers to...
CVE-2024-30875
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, a...
CVE-2024-30875
Removed by vendor...
CVE-2024-30875
CVE-2024-30875 affects jquery-ui v1.13.1 with a Cross-Site Scripting (XSS) vulnerability via the window.addEventListener component. IBM’s bulletin confirms the issue and lists affected IBM Robotic Process Automation products, with remediation paths to update to 21.0.7.19+ or 23.0.20+ (Cloud Pak a...
Oracle WebCenter Portal (October 2024 CPU)
The 12.2.1.4.0 versions of WebCenter Portal installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2024 CPU advisory. - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Security Framework jQuery. The supported...
CVE-2024-30875
Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, a...
CentOS 7 : pcs (RHSA-2022:7343)
The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7343 advisory. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. ...
CentOS 7 : ipa (RHSA-2021:0860)
The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:0860 advisory. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to on...
AZL-50073 CVE-2024-47764 affecting package js-jquery 3.5.0-4
cookie is a basic HTTP cookie parser and serializer for HTTP servers. The cookie name could be used to set other fields of the cookie, resulting in an unexpected cookie value. A similar escape can be used for path and domain, which could be abused to alter other fields of the cookie. Upgrade to...
GHSA-GCGP-Q2JQ-FW52 LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Summary A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary JavaScript into the alert template's name. This script executes immediately upon submission but does not persist after a page refresh. Details The vulnerability occurs when...
Security Bulletin: Multiple Vulnerabilities in components for Cloud Pak System
Summary Vulnerabilities found in components packaged with Cloud Pak System, Beego, Node.js follow-redirects module, Prototypejs, jQuery, Golang go and go/crypto module. These vulnerabilities have been addressed in Cloud Pak System V2.3.4.0 and IBM V2.3.5.0. Vulnerability Details...
Malicious code in jquery-ui-smoothness (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cbde2167eb940c597861a429b583a7e45ac7225bee0da328cc03ddbbcb363beb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...