2405 matches found
WordPress Jquery news ticker Plugin <= 3.1 is vulnerable to Cross Site Scripting (XSS)
Software: Jquery news ticker; Type: Plugin; Vulnerable versions: <= 3.1; Fixed in: 3.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-5432; Patch priority: Low; CVSS severity: Low (6.5); PSID: 4f07a499a4a8; Credits: István Márton; Required...
Jquery news ticker < 3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Description The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Plugin Jquery news ticker security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-32101 · WordPress · Jquery News Ticker
Name of the Vulnerable Software and Affected Versions: Jquery news ticker plugin for WordPress versions up to, and including, 3.1 Description: The issue is related to Stored Cross-Site Scripting via the 'jquery-news-ticker' shortcode due to insufficient input sanitization and output escaping on...
com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +52 more potentially affected by CVE-2023-50164 via org.apache.struts:struts2-core (>=6.0.0 <=6.3.0.1)
org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-50164 Source advisory: OSV:GHSA-2J...
Security Bulletin: Multiple vulnerabilities in JQuery Java Script Library Affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data
Summary: Vulnerabilities in jquery affect IBM Watson Machine Learning Accelerator on Cloud Pak for Data. These are addressed. Vulnerability Details: CVEID: CVE-2019-11358 DESCRIPTION: jQuery, as used in Drupal core, is vulnerable to cross-site scripting, caused by improper validation of user-supplie...
Security Bulletin: Multiple vulnerabilities in jQuery affect IBM Tivoli Netcool Impact
Summary: jQuery is shipped with IBM Tivoli Netcool Impact as part of its user interface. Information about security vulnerabilities affecting jQuery has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site...
Tenable Nessus Network Monitor < 6.3.1 Multiple Vulnerabilities (TNS-2023-43)
Tenable Nessus Network Monitor is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...
Nessus Network Monitor < 6.3.1 Multiple Vulnerabilities (TNS-2023-43)
According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.3.1. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-43 advisory. - Nessus Network Monitor leverages third-party software to help provide underlying...
[R1] Nessus Network Monitor 6.3.1 Fixes Multiple Vulnerabilities
Jason Schavel, Wed, 11/29/2023 - 16:00. Nessus Network Monitor leverages third-party software to help provide underlying functionality. Several of the third-party components (HandlebarsJS, OpenSSL, and jquery-file-upload) were found to...
Fedora 39 : roundcubemail (2023-217194e950)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-217194e950 advisory. Release 1.6.3 - Fix bug where installto.sh/update.sh scripts were removing some essential options from the config file (#9051) - Update jQuery-UI to version...
Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2020:4670)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:4670 advisory. - jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causi...
Rocky Linux 8 : pcs (RLSA-2021:4142)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4142 advisory. - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. I...
Rocky Linux 8 : idm:DL1 and idm:client (RLSA-2021:1846)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:1846 advisory. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one...
F5 Networks BIG-IP : jQuery vulnerability (K66544153)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K66544153 advisory. In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted...
F5 Networks BIG-IP : Appliance mode authenticated F5 BIG-IP Guided Configuration third-party lodash and jQuery vulnerabilities (K12492858)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.8 / 16.1.3.2 / 17.0.0. It is, therefore, affected by multiple vulnerabilities as referenced in the K12492858 advisory. - Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function...
F5 Networks BIG-IP : jQuery vulnerability (K02453220)
The version of F5 Networks BIG-IP installed on the remote host is prior to 17.1.3.1 / 17.5.1.4. It is, therefore, affected by a vulnerability as referenced in the K02453220 advisory. In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after...
Security Bulletin: A vulnerability in jquery may affect IBM Robotic Process Automation for Cloud Pak and result in an attacker obtaining sensitive information. (CVE-2020-23064)
Summary: There is a vulnerability in jQuery used by IBM Robotic Process Automation for Cloud Pak as part of the operator, which may result in cross site scripting (CVE-2020-23064). This bulletin identifies the security fixes to apply to address this vulnerability. Vulnerability Details: CVEID:...
CVE-2023-5464
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...