Security Bulletin: IBM QRadar SIEM includes multiple components with known vulnerabilities

Summary The product includes multiple vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site...

CVE-2023-0171

The jQuery T- Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

Cross site scripting

The jQuery T- Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-0171

The CVE-2023-0171 entry concerns the WordPress plugin jQuery T(-) Countdown Widget, affected versions before 2.3.24. The vulnerability arises because the plugin does not validate and escape some shortcode attributes before output, enabling Stored XSS for users with the Contributor role and above....

CVE-2023-0171 jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS

The jQuery T- Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

CVE-2023-0171 jQuery T(-) Countdown Widget < 2.3.24 - Contributor+ Stored XSS

The jQuery T- Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

Security Bulletin: IBM Aspera Orchestrator affected by JQuery vulnerability (CVE-2022-31160)

Summary The following vulnerability has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A remote attacker...

Security Bulletin: IBM Aspera Orchestrator was vulnerable to cross-site scripting due to multiple JQuery vulnerabilities (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)

Summary The following vulnerabilities has been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position function. A remote...

Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs)

Summary There are multiple vulnerabilities in JQuery that could allow an attacker to launch cross-site scripting. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuer...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing \ elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...

jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method

A Cross-site scripting XSS vulnerability exists in JQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject Javascript into the page where that input is rendered, and have it delivered by the browser...

jquery: Cross-site scripting via cross-domain ajax requests

jQuery before 3.0.0 is vulnerable to Cross-site Scripting XSS attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.9 Security update

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection

A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...