Security Bulletin: Vulnerabilities in Apache Ant affect IBM Operations Analytics - Log Analysis (CVE-2020-11023, CVE-2020-23064, CVE-2020-11022)
Summary: There are multiple cross-site scripting vulnerabilities in Apache Ant that affect IBM Operations Analytics - Log Analysis. These have been addressed. Vulnerability Details: CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...
CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4. A patched version of the package is available...
School Log Management System 1.0 SQL Injection / Code Execution
Title: School Log Management System 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser :...
Simple College Website 1.0 SQL Injection / Code Execution
Title: Simple College Website 1.0 WYSIWYG Settings Management Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla...
Hotel Management System 1.0 Arbitrary File Upload
Title: Hotel Management System 1.0 Remote File Upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser : Mozilla firefox...
Malicious code in jquery-ui-dialog (npm)
Source: ossf-package-analysis f1ac81ca06088c1af7f942bcd5c3e05a81ee19ded09f4417b8eea369da63f3c3. The OpenSSF Package Analysis project identified 'jquery-ui-dialog' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-7743 Malicious code in jquery-ui-dialog (npm)
Source: ossf-package-analysis f1ac81ca06088c1af7f942bcd5c3e05a81ee19ded09f4417b8eea369da63f3c3. The OpenSSF Package Analysis project identified 'jquery-ui-dialog' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
Malicious code in atlassian-plugins-jquery (npm)
Source: ossf-package-analysis fa70e76a995c21512e5537f8ba45c8143816593a98f504f5ac88ad3e752d9eaa. The OpenSSF Package Analysis project identified 'atlassian-plugins-jquery' @ 0.0.0-dev npm as malicious. It is considered malicious because: - T...
MAL-2024-7732 Malicious code in atlassian-plugins-jquery (npm)
Source: ossf-package-analysis fa70e76a995c21512e5537f8ba45c8143816593a98f504f5ac88ad3e752d9eaa. The OpenSSF Package Analysis project identified 'atlassian-plugins-jquery' @ 0.0.0-dev npm as malicious. It is considered malicious because: - T...
OPENSUSE-SU-2024:14169-1 ruby3.3-rubygem-jquery-rails-4.6.0-1.5 on GA media
These are all security issues fixed in the ruby3.3-rubygem-jquery-rails-4.6.0-1.5 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:14131-1 python310-XStatic-jquery-ui-1.13.0.1-1.15 on GA media
These are all security issues fixed in the python310-XStatic-jquery-ui-1.13.0.1-1.15 package on the GA media of openSUSE Tumbleweed...
CVE-2024-32753
CVE-2024-32753 maps to a dependency on vulnerable JQuery versions prior to 3.5.0 in Johnson Controls Illustra Pro Gen 4 cameras (affected: SS016.05.03.01.0010 and earlier). The root cause is third‑party JQuery component vulnerability; impact targets confidentiality (and potentially integrity) wit...
CVE-2024-32753 TYCO Illustra Pro Gen 4 - JQuery version
Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component...
PT-2024-24826 · Jquery · Jquery
Name of the Vulnerable Software and Affected Versions: JQuery versions prior to 3.5.0 Description: The camera may be susceptible to known vulnerabilities associated with JQuery versions prior to 3.5.0, a third-party component. Recommendations: For JQuery versions prior to 3.5.0, update to version...
Trojanized jQuery Infiltrates npm, GitHub, and CDNs: Thousands of Packages at Risk
Phylum uncovers large-scale trojanized jQuery attacks targeting npm, GitHub, and CDNs. Malicious actors steal user form data through...
Trojanized jQuery Packages Found on npm, GitHub, and jsDelivr Code Repositories
Unknown threat actors have been found propagating trojanized versions of jQuery on npm, GitHub, and jsDelivr in what appears to be an instance of a "complex and persistent" supply chain attack. "This attack stands out due to the high variability across packages," Phylum said in an analysis...
CVE-2024-37247
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T- Countdown Widget allows Stored XSS. This issue affects jQuery T- Countdown Widget: from n/a through 2.3.25...
CVE-2024-37247
CVE-2024-37247 refers to a stored XSS in the WordPress plugin jQuery T(-) Countdown Widget (versions <= 2.3.25). The root cause is improper input neutralization during page generation in the plugin, enabling cross-site scripting when processing user-supplied data. Affected product: WordPress p...