2405 matches found
jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
A Prototype Pollution vulnerability was found in jquery. Untrusted JSON passed to the extend function could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
Dell Wyse Management Suite < 3.7 Multiple Vulnerabilities (DSA-2022-143)
The version of Dell Wyse Management Suite installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the DSA-2022-143 advisory. - jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of t...
Tenable Nessus 10.x < 10.4.0 Multiple Vulnerabilities (TNS-2022-21)
According to its self-reported version, the Tenable Nessus application running on the remote host is 10.x prior to 10.4.0. It is, therefore, affected by multiple vulnerabilities, including: - An authenticated attacker could utilize the identical agent and cluster node linking keys to potentially...
[R2] Nessus Version 10.4.0 Fixes Multiple Vulnerabilities
Arnie Cabral, Thu, 10/27/2022 - 10:48. Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (select2.js, jQuery UI) were found to contain vulnerabilities, and updated versions have...
jQuery UI Cross-site Scripting (CVE-2016-7103)
A cross-site scripting vulnerability exists in jQuery UI. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Security Bulletin: API Connect is vulnerable to JQuery-UI Cross-Site Scripting (XSS) (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)
Summary: A vulnerable version of JQuery-UI was used by API Connect. The fix includes updated JQuery-UI which addresses CVE-2021-41184, CVE-2021-41183, and CVE-2021-41182. Vulnerability Details: CVEID: CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by...
Security Bulletin: API Connect is vulnerable to JQuery Cross-Site Scripting (XSS) and other vulnerabilities (CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023)
Summary: A vulnerable version of JQuery was used by API Connect. The fix includes updated JQuery which addresses CVE-2012-6708, CVE-2015-9251, CVE-2019-11358, CVE-2020-11022, and CVE-2020-11023. Vulnerability Details: CVEID: CVE-2012-6708 DESCRIPTION: jQuery is vulnerable to cross-site scripting,...
AZL-44541 CVE-2022-37598 affecting package js-jquery 3.5.0-4
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report...
jQuery UI Cross-site Scripting (CVE-2021-41184)
A cross-site scripting vulnerability exists in jQuery UI. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Security Bulletin: Multiple vulnerabilities in Spark affecting IBM QRadar User Behavior Analytics
Summary: Multiple vulnerabilities exist in Spark, which is used by IBM QRadar User Behavior Analytics (UBA). These vulnerabilities are addressed in UBA by upgrading to a version of Spark and packages that are associated with Spark that resolve the vulnerabilities. Vulnerability Details...
AZL-44946 CVE-2022-3517 affecting package js-jquery 3.5.0-4
A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service...
AZL-45309 CVE-2022-37602 affecting package js-jquery 3.5.0-4
Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1 via the key variable in grunt-karma.js...
Security Bulletin: JQuery UI shipped with IBM Tivoli Netcool Impact is vulnerable to XSS (CVE-2022-31160)
Summary: JQuery UI is used by IBM Tivoli Netcool Impact as part of its UI framework. Information about a security vulnerability affecting JQuery UI has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting,...
Security Bulletin: IBM Robotic Process Automation is vulnerable to cross site scripting due to jquery-ui (CVE-2022-31160)
Summary: jquery-ui is used by IBM Robotic Process Automation as part of the RPA Dashboard. CVE-2022-31160 Vulnerability Details: CVEID: CVE-2022-31160 DESCRIPTION: jQuery UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the check-box-radio widget. A...
Dotnetnuke 6.0.x < 9.11.0 Multiple Vulnerabilities (09.11.00)
According to its self-reported version, the instance of Dotnetnuke running on the remote web server is 6.0.x prior to 9.11.0. It is, therefore, affected by multiple vulnerabilities. - A third-party dependency, Moment.js, published security updates to their library. Fixes for the Issue DNN Platfor...
Security Bulletin: Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management
Summary: Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson such as denial of service, bypassing security restrictions, obtaining sensitive information, cross-site scripting, and execution of arbitrary code may affect IBM Spectrum Copy Data Management. Vulnerability Details...
Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)
Summary: Security vulnerabilities have been reported for Dojo and jQuery version shipped with IBM Business Automation Workflow and IBM BPM. Vulnerability Details: CVEID: CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied inp...
Security Bulletin: Multiple security vulnerabilities in Swagger UI affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)
Summary: IBM Business Process Manager and IBM Business Automation Workflow are affected by multiple security vulnerabilities found in Swagger UI. Vulnerability Details: CVEID: CVE-2012-6708 DESCRIPTION: jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) functio...
USN-5181-1: jQuery UI vulnerability
It was discovered that jQuery UI did not properly validate the values from untrusted sources. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and Ubuntu 20.4 ESM. CVE-2021-41184 It was discovered that jQuery U...
USN-5181-1 jqueryui vulnerability
It was discovered that jQuery UI did not properly validate the values from untrusted sources. An attacker could use this vulnerability to cause a crash or possibly execute arbitrary code. This issue affected only Ubuntu 18.04 ESM and Ubuntu 20.4 ESM. CVE-2021-41184 It was discovered that jQuery U...