2405 matches found
jquery: Cross-site scripting due to improper in jQuery.htmlPrefilter method
A cross-site scripting (XSS) vulnerability exists in jQuery. This flaw allows an attacker with the ability to supply input to the ‘HTML’ function to inject JavaScript into the page where that input is rendered, and have it delivered by the browser...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources is passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
Security Bulletin: IBM Aspera Faspex 4.4.2 has addressed multiple security vulnerabilities
Summary: This security bulletin addresses multiple security vulnerabilities that have been remediated in IBM Aspera Faspex 4.4.2. Vulnerability Details: CVEID: CVE-2021-39275. DESCRIPTION: Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking by the ap_escape_quotes...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.18.1)
The version of AOS installed on the remote host is prior to 5.18.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.18.1 advisory. - An issue was found in the Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv function in...
Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19)
The version of AOS installed on the remote host is prior to 5.19. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19 advisory. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - eve...
jquery 2.2.4 XSS vulnerability
Affected versions of Bitbucket Server and Data Center use a version of jQuery that is vulnerable to CVE-2020-11022 and CVE-2020-11023. These allow an unauthenticated attacker to inject JavaScript into the application via cross-site scripting (XSS) vulnerabilities. A jQuery patch has been applied fo...
Hyperledger: Cross Site Scripting Vulnerability in fabric-sdk-py source code
See this fix on GitHub: https://github.com/hyperledger/fabric-sdk-py/pull/175. Impact: Some old affected versions of this package are vulnerable to cross-site scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html,...
jQuery UI Checkboxradio - Moderately critical - Cross site scripting - SA-CONTRIB-2022-052
jQuery UI is a third-party library used by Drupal. The jQuery UI Checkboxradio module provides the jQuery UI Checkboxradio library which was previously in Drupal 8 core, but has since been removed from core and moved to this module. As part of the jQuery UI 1.13.2 update, the jQuery UI project...
Security Bulletin: Multiple vulnerabilities in Jquery-Ui, highcharts, and datatables are affecting QRadar User Behavior Analytics (CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, CVE-2021-23445, CVE-2021-29489)
Summary: There are vulnerabilities in the third-party packages jQuery UI, Highcharts, and datatables.net affecting User Behavior Analytics (UBA). UBA has been updated to the latest versions of these packages to address these vulnerabilities. Vulnerability Details: CVEID: CVE-2021-41182. DESCRIPTION: jQuery...
JQuery UI < 1.13.2 XSS
The version of JQuery UI library hosted on the remote web server is prior to 1.13.2. It is, therefore, affected by a cross-site scripting vulnerability in the JQuery UI that allows remote attackers to inject arbitrary web script or HTML via processing the value of a compromised checkboxradio...
CVE-2022-31160
A flaw was found in the jquery-UI package. Affected versions of this package are vulnerable to a cross-site scripting (XSS) attack via the initialization of a checkboxradio widget on an input tag enclosed within a label, leading to the parent label contents being considered as the input label...
CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
DEBIAN-CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
UBUNTU-CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
Cross site scripting
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
CVE-2022-31160 jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
EUVD-2022-6344
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
CVE-2022-31160
CVE-2022-31160 affects jQuery UI versions prior to 1.13.2. The issue occurs when initializing a checkboxradio widget on an input inside a label; the label contents can be treated as the input label, and refreshing with .checkboxradio("refresh") on such a widget may decode encoded HTML entities in...