11 matches found
GHSA-FJ93-7WM4-8X2G Cross-Site Scripting in jquery-mobile
All versions of jquery-mobile are vulnerable to Cross-Site Scripting. The package checks for content in location.hash and, if a URL is found, it makes an XMLHttpRequest (XHR) to the URL and renders the response with innerHTML. It fails to validate the Content-Type of the response, allowing attackers to...
@fanswoo/core (>=1.0.0 <=1.3.8), brws-upload (>=1.0.2 <=1.0.3) +4 more potentially affected by unknown CVE via jquery-mobile (>=1.4.1 <=1.5.0-alpha.1)
jquery-mobile NPM version =1.4.1, =1.0.0, =1.0.2, =1.0.0, =1.0.2, =2.0.0, =0.0.1, =1.0.4 Source cves: unknown CVE Source advisory: OSV:GHSA-FJ93-7WM4-8X2G...
Cross-Site Scripting in jquery-mobile
All versions of jquery-mobile are vulnerable to Cross-Site Scripting. The package checks for content in location.hash and, if a URL is found, it makes an XMLHttpRequest (XHR) to the URL and renders the response with innerHTML. It fails to validate the Content-Type of the response, allowing attackers to...
URL Validation Bypass
jquery-mobile is vulnerable to URL validation bypass. Forward slashes and backslashes are not properly handled, which would allow remote attackers to bypass access controls or URL checks due to incorrect parsing of URLs, e.g. http://[email protected]/ is incorrectly considered the same domain as...
Cross-site Scripting (XSS)
jquery-mobile is vulnerable to cross-site scripting. Lack of validation of the Content-Type header of an XHR response results in the rendering of an AJAX JSON response as HTML in a user's browser. A remote attacker is able to inject arbitrary JavaScript into a victim's browser by relying on anothe...
jQuery Mobile < 1.2.0 Cross-site Scripting
According to its self-reported version number, jQuery Mobile is prior to 1.2.0. Therefore, it may be affected by a cross-site scripting vulnerability due to improper escaping of location.href. Note that the scanner has not tested for these issues but has instead relied only on the application's...
Cross-Site Scripting
Overview: All versions of jquery-mobile are vulnerable to Cross-Site Scripting. The package checks for content in location.hash and, if a URL is found, it makes an XMLHttpRequest (XHR) to the URL and renders the response with innerHTML. It fails to validate the Content-Type of the response, allowing...
jQuery Mobile redirect XSS vulnerability
TL;DR - Any website that uses jQuery Mobile and has an open redirect is now vulnerable to XSS - and there's nothing you can do about it, there's not even a patch ¯\_(ツ)_/¯. jQuery Mobile is a cool jQuery UI system that makes building mobile apps easier. It does some part of what other frameworks like...
Cross-site Scripting (XSS)
jquery-mobile is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because it decodes the username:password of location.href in the URL without encoding them first...
BK Mobile CMS 2.4 Cross Site Scripting
FULL DISCLOSURE Product : BK Mobile CMS Exploit Author : Rahul Pratap Singh Version : 2.4 Home page Link : http://codecanyon.net/item/jquery-mobile-website-with-full-admin-panel/2441358 Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 27/Jan/2016...
jQuery Mobile Docs 1.2.0 final XSS Vulnerability
Exploit for php platform in category web applications Exploit Title: jQuery Mobile Docs 1.2.0 final XSS Reflected Software Link: http://demos.jquerymobile.com/1.2.1/ Exploit Author: Andrei Manole Contact: email protected Tested On : Windows FireFox CVE : N/A Category: webapps Date: 05/09/2015 1...