21 matches found
MiracleLinux 8 : pki-core:10.6 (AXSA:2021-1597:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1597:01 advisory. jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 bootstrap: XSS in the data-target attribute CVE-2016-10735 bootstrap:...
EUVD-2015-2199
Malware in sbrugna...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.103032)
The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.103032 advisory. - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from...
Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : jQuery vulnerabilities (USN-7622-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7622-1 advisory. It was discovered that jQuery did not correctly handle HTML tags. An attacker could possibly use this issue to execute a cross-si...
USN-7622-1: jQuery vulnerabilities
It was discovered that jQuery did not correctly handle HTML tags. An attacker could possibly use this issue to execute a cross-site scripting (XSS) attack. This issue only affected Ubuntu 14.04 LTS. (CVE-2012-6708) It was discovered that jQuery did not correctly handle unsanitized source objects due ...
jQuery 3.3.1 Cross Site Scripting
jQuery version 3.3.1 proof of concept exploit that demonstrates cross site scripting via improper script handling and prototype pollution. Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepag...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0. Vulnerability Details CVEID:CVE-2023-51079 DESCRIPTION: MVEL is vulnerable to a denial of service, caused by a TimeOut error...
doxygen security update
1:1.8.5-4.0.1 - Fix CVE-2020-11022 and CVE-2022-11023 in vendored jQuery Orabug: 37577394...
USN-7246-1: jQuery vulnerabilities
It was discovered that jQuery incorrectly handled parsing untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code...
Security Bulletin: Vulnerabilities in jQuery affect watsonx.data
Summary jQuery is vulnerable to cross site scripting attacks and to untrusted code execution attacks. These could affect watsonx.data. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remot...
Ubuntu 20.04 LTS : jQuery vulnerabilities (USN-7246-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7246-1 advisory. It was discovered that jQuery incorrectly handled parsing untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code...
The Bug Report - January 2025 Edition
The Bug Report - January 2025 Edition By Jonathan Omakun · January 30, 2025 Why am I here? Ah, January—the month of resolutions, regrets, and, apparently, really bad code. While you’re trying to get back to the gym or cut down on caffeine, attackers have been busy exploiting vulnerabilities faste...
Security Bulletin: IBM Aspera Orchestrator was vulnerable to cross-site scripting due to multiple JQuery vulnerabilities (CVE-2021-41184, CVE-2021-41183, CVE-2021-41182)
Summary The following vulnerabilities have been addressed in IBM Aspera Orchestrator 4.0.1. Vulnerability Details CVEID:CVE-2021-41184 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the .position function. A remote...
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Spend Analysis (CVE-2020-11023, CVE-2020-11022)
Summary jQuery security vulnerabilities affect IBM Emptoris Spend Analysis. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Sourcing (CVE-2020-11023, CVE-2020-11022)
Summary jQuery security vulnerabilities affect IBM Emptoris Sourcing. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...
Security Bulletin: jQuery Vulnerabilities Affect IBM Emptoris Contract Management (CVE-2020-11023, CVE-2020-11022)
Summary jQuery security vulnerabilities affect IBM Emptoris Contract Management. Vulnerability Details CVEID: CVE-2020-11023 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the option elements. A remote attacker could exploit this...
OPENSUSE-SU-2020:1888-1 Security update for otrs
This update for otrs fixes the following issues: - otrs was updated to 6.0.30 OSA-2020-14 boo1178434 - CVE-2020-11022, CVE-2020-11023: Vulnerability in third-party library - jquery OTRS uses jquery version 3.4.1, which is vulnerable to cross-site scripting (XSS)...
Security Bulletin: Multiple Vulnerabilities in jQuery affect IBM WIoTP MessageGateway
Summary There are multiple vulnerabilities in jQuery that affect IBM WIoTP MessageGateway. Vulnerability Details Third Party Entry: 180875 DESCRIPTION: jQuery cross-site scripting CVSS Base score: 6.1 CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/180875 for the...
Security Bulletin: IBM Tivoli Netcool Impact is affected by jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023)
Summary IBM Tivoli Netcool Impact has addressed the following jQuery vulnerabilities. Vulnerability Details CVEID: CVE-2020-11022 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker...
Multiple vulnerabilities fixed in Drupal
Several vulnerabilities have been fixed in Drupal core. The vulnerabilities are located in jQuery and allow a malicious party to perform a Cross-Site Scripting (XSS) attack. This potentially allows the malicious party to execute code under the user's privileges. For the vulnerabilities in jQuery, we...