
2405 matches found

OSV
added 2024/06/15 12:0 a.m. | 5 views

OPENSUSE-SU-2024:10512-1 ruby2.2-rubygem-jquery-rails-4.2.1-1.1 on GA media

These are all security issues fixed in the ruby2.2-rubygem-jquery-rails-4.2.1-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5 | AI score 6.4 | EPSS 0.00242
Exploits 1 | References 1

OSV
added 2024/06/15 12:0 a.m. | 16 views

OPENSUSE-SU-2024:12144-1 ruby3.1-rubygem-jquery-rails-4.5.0-1.1 on GA media

These are all security issues fixed in the ruby3.1-rubygem-jquery-rails-4.5.0-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5 | AI score 6.4 | EPSS 0.00242
Exploits 1 | References 1

OSV
added 2024/06/15 12:0 a.m. | 6 views

OPENSUSE-SU-2024:11334-1 ruby2.7-rubygem-jquery-rails-4.4.0-1.7 on GA media

These are all security issues fixed in the ruby2.7-rubygem-jquery-rails-4.4.0-1.7 package on the GA media of openSUSE Tumbleweed...

CVSS 5 | AI score 6.4 | EPSS 0.00242
Exploits 1 | References 1

ATTACKERKB
added 2024/06/07 4:15 a.m. | 1 views

CVE-2024-5425

The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | AI score 6.1 | EPSS 0.00361
Exploits 0 | References 6

OSV
added 2024/06/07 4:15 a.m. | 1 views

CVE-2024-5425

The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 5.4 | AI score 5.9
Exploits 0 | References 5

Vulnrichment
added 2024/06/07 3:21 a.m. | 16 views

CVE-2024-5425 WP jQuery Lightbox <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute

The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVSS 6.4 | AI score 5.8 | EPSS 0.00361
Exploits 0 | References 5

Patchstack
added 2024/06/07 2:3 a.m. | 2 views

WordPress WP jQuery Lightbox plugin <= 1.5.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute vulnerability

Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute vulnerability discovered by Webbernaut in WordPress Plugin WP jQuery Lightbox (versions <= 1.5.4)...

CVSS 6.4 | AI score 5.8 | EPSS 0.00361
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/06/07 12:0 a.m. | 7 views

WordPress WP jQuery Lightbox Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS)

Software: WP jQuery Lightbox; Type: Plugin; Vulnerable versions: <= 1.5.4; Fixed in: 1.5.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-5425; Patch priority: Low; CVSS severity: Low (6.5); Developer: Claim ownership; PSID: 83bd6c4ea26b; Credits: Webbernaut; Required...

CVSS 6.4 | AI score 5.8 | EPSS 0.00361
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2024/06/07 12:0 a.m. | 2 views

WordPress plugin WP jQuery Lightbox security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

CVSS 6.4 | AI score 6.8 | EPSS 0.00361
Exploits 0 | References 6

Packet Storm
added 2024/06/06 12:0 a.m. | 356 views

Northwind Demo 1.0 Cross Site Scripting

Exploit Title: Northwind, company operations database - Cross-Site Scripting Reflected Date: 04.06.2024 Exploit Author: Furkan Eren Tetik Vendor Homepage: https://bigprof.com/appgini/free-open-source-web-applications Software Link: https://github.com/bigprof-software/northwind-demo Version: 1.0...

AI score 7.4
Exploits 0

Positive Technologies
added 2024/06/06 12:0 a.m. | 1 views

PT-2024-36129 · WordPress · Wp Jquery Lightbox

Name of the Vulnerable Software and Affected Versions: WP jQuery Lightbox plugin for WordPress versions up to, and including, 1.5.4 Description: The issue is related to Stored Cross-Site Scripting via the title attribute due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 | AI score 5.8 | EPSS 0.00361
Exploits 0 | References 10

WPVulnDB
added 2024/06/06 12:0 a.m. | 10 views

WP jQuery Lightbox < 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via title Attribute

Description The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVSS 6.4 | AI score 5.8 | EPSS 0.00361
Exploits 0 | References 1 | Affected Software 1

OSV
added 2024/06/05 1:28 p.m. | 10 views

GHSA-JMH9-6RJQ-GJH9 Vulnerable embedded jQuery Version

Summary PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting XSS. Details In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of...

AI score 7
Exploits 0 | References 2

Github Security Blog
added 2024/06/05 1:28 p.m. | 7 views

Vulnerable embedded jQuery Version

Summary PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting XSS. Details In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of...

AI score 7
Exploits 0 | References 2 | Affected Software 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 39 views

RHEL 7 : jquery (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 Note that Nessus has not tested for this...

CVSS 6.1 | AI score 7.3 | EPSS 0.18007
Exploits 2 | References 1

Tenable Nessus
added 2024/06/03 12:0 a.m. | 26 views

RHEL 7 : yelp-xsl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jquery-ui: XSS vulnerability in jQuery.ui.dialog title option CVE-2010-5312 - jquery-ui: XSS vulnerabilit...

CVSS 6.1 | AI score 6.8 | EPSS 0.07046
Exploits 1 | References 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 19 views

RHEL 6 : ipa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or...

CVSS 7.5 | AI score 8.1 | EPSS 0.01532
Exploits 4 | References 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 21 views

RHEL 6 : yelp-xsl (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jquery-ui: XSS vulnerability in jQuery.ui.dialog title option CVE-2010-5312 - jquery-ui: XSS vulnerabilit...

CVSS 6.1 | AI score 6.6 | EPSS 0.07046
Exploits 1 | References 2

Tenable Nessus
added 2024/06/03 12:0 a.m. | 33 views

RHEL 7 : ipa (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 - jQue...

CVSS 6.9 | AI score 7.8 | EPSS 0.3466
Exploits 14 | References 3

Veracode
added 2024/05/29 12:22 p.m. | 7 views

Cross Site Scripting

silverstripe/comments is vulnerable to Cross Site Scripting. The vulnerability is due to an outdated version of jQuery that contains XSS vulnerabilities when user input is used in certain contexts...

AI score 6.2
Exploits 0