GHSA-FRM9-7PM9-5RGC SilverStripe comments module includes version of jQuery vulnerable to Cross-site Scripting

The silverstripe/comments module, the cwp/starter-theme and the cwp/watea-theme include an outdated version of jQuery by default, which contains XSS vulnerabilities if user input is used in certain contexts. Though no known exploit has been found for these in the existing usage, user customisatio...

SilverStripe comments module includes version of jQuery vulnerable to Cross-site Scripting

The silverstripe/comments module, the cwp/starter-theme and the cwp/watea-theme include an outdated version of jQuery by default, which contains XSS vulnerabilities if user input is used in certain contexts. Though no known exploit has been found for these in the existing usage, user customisatio...

CVE-2024-4783

The jQuery T- Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-4783 jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode

The jQuery T- Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-4783 jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode

The jQuery T- Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

jQuery T(-) Countdown Widget <= 2.3.25 - Authenticated (Contributor+) Stored Cross-Site Scripting via tminus Shortcode

Description The jQuery T- Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

OMERO.web must check that the JSONP callback is a valid function

Background There is currently no escaping or validation of the callback parameter that can be passed to various OMERO.web endpoints that have JSONP enabled. One such endpoint is /webclient/imgData/.... As we only really use these endpoints with jQuery's own callback name generation ^1 it is quite...

GHSA-JRPW-8884-2747 eZ Platform Bundled jQuery affected by CVE-2019-11358

In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/ This is fixed in jQuery version 3.4. We recommend that you upgrade your...

eZ Platform Bundled jQuery affected by CVE-2019-11358

In eZ Platform 2.x, ezsystems/ezplatform-admin-ui-assets before v4.2.0 includes jQuery version 3.3.1. This version of jQuery is affected by the security vulnerability https://www.cvedetails.com/cve/CVE-2019-11358/ This is fixed in jQuery version 3.4. We recommend that you upgrade your...

RHEL 8 : jquery (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jquery: Untrusted code execution via tag in HTML passed to DOM manipulation methods CVE-2020-11023 - jQue...

RHEL 6 : jquery (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jquery: Cross-site scripting XSS via HTML tags containing whitespaces CVE-2020-7656 - In jQuery versions...

RHEL 7 : jquery (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jquery: Cross-site scripting XSS via HTML tags containing whitespaces CVE-2020-7656 - In jQuery versions...

Security Bulletin: Multiple vulnerabilities in jquery affect IBM Storage Scale

Summary There are multiple vulnerabilities in jquery, used by IBM Storage Scale HDFS transparency, which could allow cross-site scripting, caused by improper validation of user-supplied input. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...

Security Bulletin: IBM Aspera Orchestrator affected by usage of vulnerable software (CVE-2020-27511, CVE-2022-31160, CVE-2021-41184, CVE-2021-41182, CVE-2021-41183, CVE-2018-20677, CVE-2018-20676, CVE-2018-14040, CVE-2016-10735, CVE-2019-8331)

Summary IBM Aspera Orchestrator has addressed multiple vulnerabilities related to the use of vulnerable software jQuery and Bootstrap that could allow denial of service and cross-site scripting attacks. Vulnerability Details CVEID:CVE-2020-27511 DESCRIPTION: Prototype is vulnerable to a denial of...

WordPress Plugin Quicksand Post Filter jQuery 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress Plugin...

CVE-2024-24850 WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1...

CVE-2024-24850 WordPress Quicksand Post Filter jQuery plugin <= 3.1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin.This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1...

Security Bulletin: IBM License Metric Tool is vulnerable to cross-script scripting due to use of jQuery Cookie.

Summary jQuery is used by IBM License Metric Tool to provide UI functionality and process user-supplied input. Vulnerability Details CVEID:CVE-2022-23395 DESCRIPTION: jQuery Cookie is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could...

PT-2024-20617 · Jquery · Quicksand Post Filter Jquery Plugin

Name of the Vulnerable Software and Affected Versions: Quicksand Post Filter jQuery Plugin versions 3.1.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Quicksand Post Filter jQuery Plugin. Recommendations: For Quicksand Post Filter jQuery Plugin...

Security Bulletin: IBM Security Verify Governance - Identity Manager, Software component has multiple vulnerabilities

Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance - Identity Manager, Software component. Vulnerability Details CVEID:CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...