jQuery MiniColors 跨站脚本漏洞

jQuery MiniColors is a small jQuery-based color picker from the individual developer Cory LaViska. A security vulnerability exists in jQuery MiniColors versions prior to 2.3.6, which stems from a cross-site scripting vulnerability that is prone to occur when handling untrusted color names...

PT-2023-12182 · Unknown +1 · Jquery Minicolors +1

Name of the Vulnerable Software and Affected Versions: jQuery MiniColors versions prior to 2.3.6 Description: The issue is related to cross-site scripting when handling untrusted color names. This can be exploited due to the lack of proper input validation in jQuery MiniColors. Recommendations: F...

CVE-2021-32850

CVE-2021-32850 affects jQuery MiniColors. The vulnerability is a cross-site scripting flaw in the color-name handling of versions prior to 2.3.6. It is patched in 2.3.6. Practical impact is JS/DOM context exposure if untrusted color inputs are processed. Remediation: upgrade to jQuery MiniColors ...

Moodle 3.8.x < 3.8.8 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.5.x prior to 3.5.17, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.5 or 3.10.x prior to 3.10.2. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability attack due to the lack of sanitization of th...

Moodle 3.10.x < 3.10.2 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.5.x prior to 3.5.17, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.5 or 3.10.x prior to 3.10.2. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability attack due to the lack of sanitization of th...

CVE-2021-32860 iziModal vulnerable to Cross-site Scripting

iziModal is a modal plugin with jQuery. Versions prior to 1.6.1 are vulnerable to cross-site scripting XSS when handling untrusted modal titles. An attacker who is able to influence the field title when creating a iziModal instance is able to supply arbitrary html or javascript code that will be...

Moodle 3.5.x < 3.5.17 Multiple Vulnerabilities

The version of Moodle installed on the remote host is 3.5.x prior to 3.5.17, 3.8.x prior to 3.8.8, 3.9.x prior to 3.9.5 or 3.10.x prior to 3.10.2. It is, therefore, affected by multiple vulnerabilities: - A stored Cross-Site Scripting XSS vulnerability attack due to the lack of sanitization of th...

SUSE CVE-2011-4969

Cross-site scripting XSS vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag...

SUSE CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the string, giving...

SUSE CVE-2015-1840

jqueryujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web server, via a leading space...

SUSE CVE-2015-9251

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

SUSE CVE-2016-7103

Cross-site scripting XSS vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function...

SUSE CVE-2017-6929

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...

SUSE CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extendtrue, , ... because of Object.prototype pollution. If an unsanitized source object contained an enumerable proto property, it could extend the native Object.prototype...

SUSE CVE-2020-11023

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

SUSE CVE-2020-11022

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. This problem is patched in jQuery 3.5.0...

SUSE CVE-2021-41184

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the of option of the .position util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the of option is now treated as a CSS...

SUSE CVE-2021-41182

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the altField option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the altField option is now...

Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery.

Summary IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery. The fix removes these vulnerabilities from IBM CICS TX Standard. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...

Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery.

Summary IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery. The fix removes these vulnerabilities from IBM CICS TX Advanced. Vulnerability Details CVEID:CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied...