jQuery 跨站脚本漏洞

jQuery is the United States John Resig individual developers of a set of open source , cross-browser JavaScript library . The library simplifies the operation between HTML and JavaScript, and features modularity, plug-in extensions, and so on. A cross-site scripting vulnerability exists in jQuery...

CVE-2022-31160 jQuery UI contains potential XSS vulnerability when refreshing a checkboxradio with an HTML-like initial text label

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

CVE-2022-31160

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...

Cross-site Scripting (XSS)

jquery-ui is vulnerable to cross-site scripting attacks. The vulnerability exists in the widget function in checkboxradio.js due to a lack of input sanitization which allows a malicious attacker to inject and execute malicious javascript...

Security Bulletin: Multiple cross-site scripting vulnerabilities in JQuery affect IBM InfoSphere Information Server

Summary Multiple cross-site scripting vulnerabilities in JQuery used by IBM InfoSphere Information Server were addressed. Vulnerability Details CVEID:CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...

WordPress Jquery Validation For Contact Form 7 plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio "refresh" on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...

GHSA-H6GJ-6JJQ-H8G9 jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio "refresh" on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...

org.webjars.npm:evol-colorpicker (=3.4.2), org.webjars.npm:jquery-ui-multidatespicker (=1.6.6) potentially affected by CVE-2022-31160 via org.webjars.npm:jquery-ui (=1.13.0-rc.3)

org.webjars.npm:jquery-ui MAVEN version =1.13.0-rc.3 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:jquery-ui and may be impacted: - org.webjars.npm:evol-colorpicker =3.4.2 - org.webjars.npm:jquery-ui-multidatespicker =1.6.6 Source cve...

@atlassian/aui (>=8.2.4 <=9.5.1), @chinchilla-software/ng-date-time-picker (>=1.0.0 <=1.0.1) +135 more potentially affected by CVE-2022-31160 via jquery-ui (>=1.10.4 <=1.13.1)

jquery-ui NPM version =1.10.4, =8.2.4, =1.0.0, =1.0.0, =0.1.0, =2.3.2, =6.4.0, =1.1.42, =0.0.0, =2.1.1, =4.0.0, =1.0.0-alpha.0, =11.0.0, =17.0.0-dev.3 and more Source cves: CVE-2022-31160 Source advisory: OSV:GHSA-H6GJ-6JJQ-H8G9...

PT-2022-20575 · Jquery +5 · Jquery Ui +5

Name of the Vulnerable Software and Affected Versions: jQuery UI versions prior to 1.13.2 Moodle versions prior to 3.11.17-alt1 Description: jQuery UI, a collection of user interface interactions, effects, widgets, and themes built on jQuery, is susceptible to a cross-site scripting XSS issue...

CVE-2022-2144

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...

CVE-2022-2144

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...

Cross site request forgery (csrf)

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...

CVE-2022-2144 Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...

AZL-44553 CVE-2022-25858 affecting package js-jquery 3.5.0-4

The package terser before 4.8.1, from 5.0.0 and before 5.14.2 are vulnerable to Regular Expression Denial of Service ReDoS due to insecure usage of regular expressions...

Regular Expression Denial Of Service (ReDoS)

jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in the url parse function in src/core.js, and due to insufficient regular expression complexity checks an attacker can cause a ReDoS when supplying input to the url parse function. This CVE exists du...

jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label

Impact Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. If you call .checkboxradio "refresh" on such a widget and the initial HTML contained encoded HTML entities, they will erroneously get decoded. This can le...

CVE-2022-31147

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...

Input validation

The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...