2405 matches found
Certain HP Enterprise LaserJet, LaserJet Managed printers - Potential denial of service, potential Cross Site Scripting (XSS)
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Update your printer firmware...
Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to jQuery cross-site scripting (CVE-2020-11022, CVE-2020-11023)
Summary: There is a vulnerability in the jQuery OpenSource library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details: CVEID: CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...
Important: ruby
Issue Overview: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the...
JQuery Accordion Menu Widget for WordPress <= 3.1.2 - Contributor+ Stored XSS
Description The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin...
CVE-2023-4890
The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2023-4890
CVE-2023-4890 affects the JQuery Accordion Menu Widget for WordPress (WordPress plugin) up to version 3.1.2, enabling Stored XSS via the dcwp-jquery-accordion shortcode. The vulnerability arises from insufficient input sanitization and output escaping of user-supplied attributes. Exploitation req...
CVE-2023-4890 JQuery Accordion Menu Widget <= 3.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The JQuery Accordion Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Plugin JQuery Accordion Menu Widget Cross Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress JQuery Accordion Menu Widget Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS)
Software: JQuery Accordion Menu Widget | Type: Plugin | Vulnerable versions: <= 3.1.2 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-4890 | Patch priority: Low | CVSS severity: Low (6.5) | Developer: Claim ownership | PSID: 4715a521c168 | Credits: Lana Codes...
Oracle Linux 8 : idm:DL1 / and / idm:client (ELSA-2020-4670)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4670 advisory. bind-dyndb-ldap 11.3-1 - New upstream release - Resolves: rhbz1845211 ipa 4.8.7-12.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 295166...
Oracle Linux 8 : pki-core:10.6 / and / pki-deps:10.6 (ELSA-2020-4847)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-4847 advisory. - In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. CVE-2018-14040 - In Bootstrap before 4.1.2, XSS is possible in the...
Oracle Linux 7 : ipa (ELSA-2020-3936)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-3936 advisory. - Resolves: 1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method - WebUI: Apply jQuery patch to fix...
Debian dla-3551 : otrs - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3551 advisory. Debian LTS Advisory DLA-3551-1 [email protected]...
How to check jQuery version that used by NetScaler Gateway
NetScaler jQuery version check method...
GetSimple CMS 3.3.2 Cross Site Scripting
Title: GetSimple CMS v3.3.2 XSS Vulnerability | Author: indoushka | Tested on: windows 10 Français V.Pro / browser: Mozilla firefox 63.0.3 32-bit | Vend...
How to manually upgrade jQuery version on Citrix NetScaler.
How to manually upgrade jQuery version on Citrix NetScaler. ONLY WHEN ABSOLUTELY NECESSARY, THIS IS AT YOUR OWN RISK...
OESA-2023-1446 doxygen security update
Doxygen is the de facto standard tool for generating documentation from annotated C++ sources, but it also supports other popular programming languages such as C, Objective-C, C#, PHP, Java, Python, IDL (Corba, Microsoft, and UNO/OpenOffice flavors), Fortran, VHDL, Tcl, and to some extent D. Securit...
OESA-2023-1447 doxygen security update
Doxygen is the de facto standard tool for generating documentation from annotated C++ sources, but it also supports other popular programming languages such as C, Objective-C, C#, PHP, Java, Python, IDL (Corba, Microsoft, and UNO/OpenOffice flavors), Fortran, VHDL, Tcl, and to some extent D. Securit...
WordPress NoFollow jQuery Links Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS)
Software: NoFollow jQuery Links | Type: Plugin | Vulnerable versions: <= 1.5.1 | Fixed in: 1.5.2 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: 9058be21e2a2 | Credits: Rafie Muhammad Patchstack...