CVE-2026-32119 OpenEMR has Stored DOM XSS via SearchHighlight text-node reconstruction on Custom Report page
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, DOM-based stored XSS in the jQuery SearchHighlight plugin library/js/SearchHighlight.js allows an authenticated user with encounter form write access to inject arbitrary...
AZL-77601 CVE-2026-2391 affecting package js-jquery 3.5.0-4
Summary The arrayLimit option in qs does not enforce limits for comma-separated values when comma: true is enabled, allowing attackers to cause denial-of-service via memory exhaustion. This is a bypass of the array limit enforcement, similar to the bracket notation bypass addressed in...
EUVD-2021-30818
Malicious code in bioql PyPI...
CVE-2020-6978
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries...
CVE-2015-9478
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS...
AZL-49149 CVE-2024-45590 affecting package js-jquery 3.5.0-4
body-parser is Node.js body parsing middleware. body-parser 1.20.3 is vulnerable to denial of service when url encoding is enabled. A malicious actor using a specially crafted payload could flood the server with a large number of requests, resulting in denial of service. This issue is patched in...
AZL-49103 CVE-2024-45296 affecting package js-jquery 3.5.0-4
path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Because JavaScript is single threaded and regex matching runs on the main thread, poor performance will block the event...
AZL-44556 CVE-2023-26136 affecting package js-jquery 3.5.0-4
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...
AZL-43684 CVE-2023-26136 affecting package js-jquery 3.5.0-4
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized...
AZL-44184 CVE-2023-26115 affecting package js-jquery 3.5.0-4
All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable...
AZL-44976 CVE-2022-38900 affecting package js-jquery 3.5.0-4
decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS...
AZL-44583 CVE-2021-44906 affecting package js-jquery 3.5.0-4
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey, lines 69-95...
AZL-44112 CVE-2022-0155 affecting package js-jquery 3.5.0-4
follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor...
[SECURITY] Fedora 35 Update: js-jquery-ui-1.13.0-1.fc35
A curated set of user interface interactions, effects, widgets, and themes built on top of the jQuery JavaScript Library...
Denial of Service (DoS)
Amendment: This was deemed not a vulnerability. Overview: jquery-ui is a library for manipulating UI elements via jQuery. Affected versions of this package are vulnerable to Denial of Service (DoS). When the "dialog" is injected into an HTML tag more than once, the browser and the application may...
AZL-44379 CVE-2020-7729 affecting package js-jquery 3.5.0-4
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load instead of its secure replacement safeLoad of the package js-yaml inside grunt.file.readYAML...
AZL-44202 CVE-2020-7662 affecting package js-jquery 3.5.0-4
websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking. The extension parser may take quadratic time when parsing a header containing an unclosed string parameter value whose content is a repeating two-byte sequence of a backslash and some other...
Cross-site Scripting (XSS)
Overview: components/jquery is a jQuery JavaScript Library. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untruste...
Responsive FileManager 9.13.4 XSS / File Manipulation / Traversal
Responsive FileManager 9.13.4 - Multiple Vulnerabilities Date: December 12, 2018 Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.4/responsivefilemanager.zip Responsive FileManag...
Wicket jQuery UI WYSIWYG Editor Vulnerability
Wicket jQuery UI is an API that provides all the jQuery UI integration. WYSIWYG editor is one of the editors. A security vulnerability exists in the WYSIWYG editor in Wicket jQuery UI versions 6.28.0 and earlier, 7.9.1 and earlier, and 8.0.0-M8 and earlier. An attacker can exploit the...