Fedora 37 : sympa (2023-419ca55dd3)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-419ca55dd3 advisory. Update to sympa 6.2.72 Fixes CVE-2021-32850 For details, see: https://github.com/sympa-community/sympa/releases/tag/6.2.72 Tenable has extracted the...
Malicious Package
Overview jquery.select2 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...
Malicious code in kbwood-jquery-svg (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e6253cea0dec938bb82732062c5d512840994efdb0bc6463d8a82185b5d4a9f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: There is a vulnerability in jQuery UI used by IBM Maximo Asset Management (CVE-2022-31160)
Summary There is a vulnerability in jQuery UI used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker could...
Malicious code in jquery.select2 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d6dd7d61b3b3371967b1ec5a01455d7ec3bd6dc3372a8e399b6696c388394419 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious Package
Overview bootstrap-without-jquery is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
Malicious code in bootstrap-without-jquery (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 903a10dc668799d05b5584a4bbacbc2b9acd690503e3750c3d24a7ba8f1369fd The OpenSSF Package Analysis project identified 'bootstrap-without-jquery' @ 1.1.4 npm as malicious. It is considered malicious because: - The...
MAL-2023-1127 Malicious code in bootstrap-without-jquery (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 903a10dc668799d05b5584a4bbacbc2b9acd690503e3750c3d24a7ba8f1369fd The OpenSSF Package Analysis project identified 'bootstrap-without-jquery' @ 1.1.4 npm as malicious. It is considered malicious because: - The...
Iranian Tortoiseshell Hackers Targeting Israeli Logistics Industry
At least eight websites associated with shipping, logistics, and financial services companies in Israel were targeted as part of a watering hole attack. Tel Aviv-based cybersecurity company ClearSky attributed the attacks with low confidence to an Iranian threat actor tracked as Tortoiseshell,...
Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in JQuery, Node.js and Swagger UI
Summary Multiple vulnerabilities in JQuery, Node.js and Swagger UI used by InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2021-23358 DESCRIPTION: Node.js underscore module could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the...
Tenable Nessus < 8.13.0 XSS Vulnerability (TNS-2020-10)
Tenable Nessus is prone to a cross-site scripting (XSS) vulnerability in jQuery. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cross site scripting
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because the Strikingly JavaScript library, when parsing the URL fragment, allows access to the `__proto__` or...
K000134507: jQuery UI vulnerability CVE-2022-31160
Security Advisory Description jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes...
CVE-2023-2582
Strikingly CMS (Strikingly) is affected by a prototype pollution vulnerability that can lead to reflected XSS when a malicious URL fragment is parsed by the Strikingly JavaScript library. The root cause is that the library allows access to `__proto__` or `constructor` properties of Object prototypes via ...
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF17 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.18.0 CVE-2022-21449, CVE-2022-21434, CVE-2022-21443, CVE-2022-21624,...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affect IBM Engineering Workflow Management (EWM). Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remot...
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
Summary There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
WordPress 1 jQuery Photo Gallery Slideshow Flash Plugin < 1.8.15 is vulnerable to Path Traversal
Software 1 jQuery Photo Gallery Slideshow Flash Type Plugin Vulnerable versions 1.8.15 Fixed in 1.8.15 OWASP Top 10 A1: Injection Classification Path Traversal CVE CVE-2023-1427 Patch priority Low CVSS severity Low 6.6 Developer Claim ownership PSID d99626b803b8 Credits Nguyen Huu Do Required...
WooCommerce v7.1.0 - Remote Code Execution Vulnerability
Title: WordPress Plugin WooCommerce v7.1.0 - Remote Code Execution (RCE) Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: Windows 10, Firefox Version: 7.1.0 CVE : N/A Description: simple, easy to use...
WooCommerce v7.1.0 - Remote Code Execution(RCE)
Title: WordPress Plugin WooCommerce v7.1.0 - Remote Code Execution (RCE) Date: 2022-12-07 Author: Milad Karimi Vendor Homepage: https://wordpress.org/plugins/woocommerce Software Link: https://wordpress.org/plugins/woocommerce Tested on: Windows 10, Firefox Version: 7.1.0 CVE : N/A Description:...