Lucene search
K

12 matches found

F5 Networks
F5 Networks
added 2024/09/09 6:37 p.m.26 views

K000141005: jQuery vulnerability CVE-2020-7656

Security Advisory Description jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "", which results in the enclosed script logic to be executed. CVE-2020-7656 Impact There is no impact; F5 products are not affected by this...

6.1CVSS7.5AI score0.06273EPSS
Exploits4
SUSE CVE
SUSE CVE
added 2023/02/15 4:48 a.m.4 views

SUSE CVE-2017-6929

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...

6.1CVSS6.3AI score0.01267EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2021/11/09 8:21 a.m.82 views

Low: pcs security, bug fix, and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. The following packages have been upgraded to a later upstream version: pcs 0.10.10. BZ1935594 Security Fixes: jquery: Cross-site scripting XSS via HTML tags containing whitespaces CVE-2020-7656...

6.9CVSS7.1AI score0.8383EPSS
Exploits9References2
IBM Security Bulletins
IBM Security Bulletins
added 2020/12/09 4:31 p.m.15 views

Security Bulletin: Potential vulnerability with jQuery

Summary A potential vulnerability has been identified related to jQuery. Refer to details for additional information. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Score: See:...

0.7AI score
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2020/06/26 7:44 p.m.71 views

Security Bulletin: IBM API Connect is impacted by vulnerabilities in Drupal (CVE-2020-11022 CVE-2020-11023)

Summary IBM API Connect has addressed the following vulnerabilities. Vulnerability Details CVEID: CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this...

6.9CVSS0.5AI score0.99019EPSS
Exploits11Affected Software1
NVD
NVD
added 2020/05/19 9:15 p.m.19 views

CVE-2020-7656

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

6.1CVSS6.2AI score0.06273EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2018/11/05 12:0 a.m.90 views

jQuery 1.4.0 < 1.12.0 Cross-Site Scripting

According to its self-reported version number, jQuery is at least 1.4.0 and prior to 1.12.0 or at least 1.12.4 and prior to 3.0.0-beta1. Therefore, it may be affected by a cross-site scripting vulnerability due to cross-domain ajax request performed without the dataType. Note that the scanner has...

6.1CVSS6.6AI score0.29726EPSS
Exploits2References3
UbuntuCve
UbuntuCve
added 2018/03/01 11:29 p.m.31 views

CVE-2017-6929

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...

6.1CVSS6.2AI score0.01267EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/03/01 10:0 p.m.27 views

CVE-2017-6929

A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4.0 in the Drupal...

6AI score0.01267EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/03/01 10:0 p.m.30 views

CVE-2017-6929

Removed by vendor...

6.1CVSS6.6AI score0.01267EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2018/01/18 11:29 p.m.87 views

CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the string, giving...

6.1CVSS6.7AI score0.08632EPSS
Exploits6References3
NVD
NVD
added 2018/01/18 11:29 p.m.38 views

CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the string, giving...

6.1CVSS6.1AI score0.08632EPSS
Exploits6References11
Rows per page
Query Builder