AZL-44493 CVE-2024-28849 affecting package js-jquery 3.5.0-4
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions, follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials...
AZL-43861 CVE-2024-28849 affecting package js-jquery 3.5.0-4
follow-redirects is an open source, drop-in replacement for Node's http and https modules that automatically follows redirects. In affected versions, follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials...
BIT-MEDIAWIKI-2020-25814
In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with javascript:payload xss and turns it into a jQuery object with mw.message.parse. The expected result is that the jQuery object does not contain an tag or it doe...
BIT-MEDIAWIKI-2020-26120
XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even...
BIT-DRUPAL-2020-11022 jQuery has a potential XSS vulnerability
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
BIT-DRUPAL-2020-11023 Potential XSS vulnerability in jQuery
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...
BIT-DRUPAL-2021-41182 XSS in the `altField` option of the Datepicker widget
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...
BIT-DRUPAL-2021-41183 XSS in `*Text` options of the Datepicker widget
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various Text options are now alway...
BIT-DRUPAL-2021-41184 XSS in the `of` option of the `.position()` util
jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS...
Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in jQuery UI (CVE-2022-31160)
Summary: A cross-site scripting vulnerability in jQuery UI used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2022-31160. DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio...
CVE-2024-24849
Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1...
CVE-2024-24849
CVE-2024-24849 is a CSRF vulnerability in the Quicksand Post Filter jQuery Plugin (versions up to 3.1.1). Connected sources indicate no publicly available patch within the provided docs; PatchStack lists fixed-in as N/A and describes low severity with unlikely exploitation. Monitor for updates an...
WordPress Plugin Quicksand Post Filter jQuery Plugin Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2024-20616 · Jquery · Quicksand Post Filter Jquery Plugin
Name of the Vulnerable Software and Affected Versions: Quicksand Post Filter jQuery Plugin versions through 3.1.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing (PUB) jQuery Vulnerability
Summary: IBM Engineering Lifecycle Optimization - Publishing jQuery and jQuery.min found vulnerable. Vulnerability Details: CVEID: CVE-2020-11022. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remot...
Quicksand Post Filter jQuery Plugin <= 3.1.1 - Missing Authorization via quicksand_admin_ajax
Description: The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'quicksand_admin_ajax' function in versions up to, and including, 3.1.1. This makes it possible for unauthenticated attackers to delete...
Quicksand Post Filter jQuery Plugin <= 3.1.1 - Cross-Site Request Forgery via renderAdmin
Description: The Quicksand Post Filter jQuery Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing or incorrect nonce validation on the 'renderAdmin' function. This makes it possible for unauthenticated attackers to...
WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Broken Access Control
Software: Quicksand Post Filter jQuery Plugin; Type: Plugin; Vulnerable versions: <= 3.1.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24850; Patch priority: Low; CVSS severity: Low (5.3); PSID: 1e819776a454; Credits: Mika Requir...