2405 matches found
WordPress WordPress Dev Powers – Element Selector jQuery Powers Plugin Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Dev Powers – Element Selector jQuery Powers Plugin Type Plugin Vulnerable versions = 1.0.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 441b1a9fb4...
CVE-2020-23064
A flaw was found in jQuery, where it is vulnerable to Cross-site scripting, caused by the improper validation of user-supplied input by the element. This flaw allows a remote attacker to use a specially crafted URL to execute a script in a victim's web browser within the security context of the...
AZL-44556 CVE-2023-26136 affecting package js-jquery 3.5.0-4
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...
AZL-43684 CVE-2023-26136 affecting package js-jquery 3.5.0-4
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...
Nessus Network Monitor < 6.2.2 Multiple Vulnerabilities (TNS-2023-23)
According to its self-reported version, the Nessus Network Monitor running on the remote host is prior to 6.2.2. It is, therefore, affected by multiple vulnerabilities as referenced in the TNS-2023-23 advisory. Several of the third-party components were found to contain vulnerabilities, and updat...
Malicious code in jquery-overscroll (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 279b9014e86c11c82ac819b5e3bbbbbfc2868e3131b65bd941e60d08985cfbb0 The OpenSSF Package Analysis project identified 'jquery-overscroll' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...
jQuery 2.2.0 < 3.5.0 XSS Vulnerability
jQuery is prone to a cross-site scripting XSS vulnerability. This VT has been deprecated. The contained CVE is a duplicate of SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
GHSA-257Q-PV89-V3XV Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jpcq-cgw6-v4j6. This link is maintained to preserve external references. Original Description Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code...
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-jpcq-cgw6-v4j6. This link is maintained to preserve external references. Original Description Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code...
CVE-2020-23064
Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element...
Cross site scripting
Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the element...
CVE-2020-23064
JQuery vulnerability (CVE-2020-11023) : In jQuery versions >=1.0.3 and <3.5.0, passing HTML that contains elements from untrusted sources to DOM manipulation methods (e.g., .html(), .append()) can execute untrusted code. This was fixed in jQuery 3.5.0. Impact: potential untrusted code exec...
jQuery Cross Site Scripting vulnerability
Cross Site Scripting vulnerability in jQuery v.2.2.0 until v.3.5.0 allows a remote attacker to execute arbitrary code via the element...
编号撤回
jQuery is the United States John Resig individual developers of a set of open source , cross-browser JavaScript library . The library simplifies operations between HTML and JavaScript and features modularity, plug-in extensions, and more. This CVE number has been withdrawn...
AZL-43867 CVE-2023-26115 affecting package js-jquery 3.5.0-4
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...
AZL-44184 CVE-2023-26115 affecting package js-jquery 3.5.0-4
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service ReDoS due to the usage of an insecure regular expression within the result variable...
AZL-43717 CVE-2022-25883 affecting package js-jquery 3.5.0-4
Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service ReDoS via the function new Range, when untrusted user data is provided as a range...
Security Bulletin: IBM Aspera Shares is vulnerable to cross-site scripting due to JQuery-UI (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)
Summary This Security Bulletin addresses security vulnerabilities with JQuery that have been remediated in IBM Aspera Shares 1.10.0 PL1. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
com.amazonaws.serverless:aws-serverless-java-container-struts (>=1.9 <=1.9.3), com.jgeppert.struts2.bootstrap:struts2-bootstrap-plugin (>=5.0.0 <=5.0.2) +50 more potentially affected by CVE-2023-34149 via org.apache.struts:struts2-core (>=6.0.0 <=6.1.2)
org.apache.struts:struts2-core MAVEN version =6.0.0, =1.9, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =5.0.0, =1.4.0, =1.4.1, =1.4.0, =1.4.3 and more Source cves: CVE-2023-34149 Source advisory: OSV:GHSA-8F6X...
Fedora 38 : sympa (2023-271b912b2b)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-271b912b2b advisory. Update to sympa 6.2.72 Fixes CVE-2021-32850 For details, see: https://github.com/sympa-community/sympa/releases/tag/6.2.72 Tenable has extracted the...