2405 matches found
WordPress Quicksand Post Filter jQuery Plugin Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Quicksand Post Filter jQuery Plugin; Type: Plugin; Vulnerable versions: <= 3.1.1; Fixed in: N/A; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-24849; Patch priority: Low; CVSS severity: Low (4.3); PSID: 4fb38b54d1c3; Credits...
EulerOS 2.0 SP10 : doxygen (EulerOS-SA-2023-2808)
According to the versions of the doxygen packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In jQuery version greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after...
EulerOS 2.0 SP10 : python-sphinx (EulerOS-SA-2023-2823)
According to the versions of the python-sphinx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In jQuery version greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after...
EulerOS 2.0 SP10 : doxygen (EulerOS-SA-2023-2784)
According to the versions of the doxygen packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In jQuery version greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after...
EulerOS 2.0 SP10 : python-sphinx (EulerOS-SA-2023-2799)
According to the versions of the python-sphinx packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: In jQuery version greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance
Summary: Multiple security vulnerabilities related to jQuery, Bootstrap, and other components have been addressed in IBM Security Verify Governance. Vulnerability Details: CVEID: CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...
CVE-2020-26629
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server...
Unrestricted file upload
A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server...
Security Bulletin: Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager virtual appliance component
Summary: Multiple security vulnerabilities related to jQuery and other components have been addressed in IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details: CVEID: CVE-2023-46158 DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.9 through...
CVE-2020-26629
CVE-2020-26629 affects Hospital Management System v4.0. Affected component: Hospital Management System (HMS) – file upload functionality allows an unauthenticated attacker to upload arbitrary files to the server, enabling potential code execution or data exposure. The published details indicate a...
AZL-45348 CVE-2023-26159 affecting package js-jquery 3.5.0-4
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...
AZL-43636 CVE-2023-26159 affecting package js-jquery 3.5.0-4
Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse function. When new URL throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect...
Vulnerabilities fixed in Tenable Nessus Network Monitor
Tenable has fixed vulnerabilities in Nessus Network Monitor and underlying software. An unauthenticated malicious person could potentially exploit the vulnerability with reference CVE-2023-5363 to cause a denial-of-service (DoS) or to gain access to sensitive system data. In...
CVE-2023-5432
The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Cross site scripting
The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-5432
The CVE-2023-5432 entry concerns the WordPress plugin Jquery news ticker. Affected software: the Jquery news ticker plugin for WordPress (versions up to and including 3.1). Vulnerability: Stored Cross-Site Scripting via the jquery-news-ticker shortcode resulting from insufficient input sanitizati...
CVE-2023-5432 Jquery news ticker <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...