84 matches found
Multiple vulnerabilities in PowerCMS
Overview PowerCMS provided by Alfasado Inc. contains multiple vulnerabilities listed below. Injection CWE-74 - CVE-2025-29993 Dependency on vulnerable third-party component CWE-1395 - CVE-2021-21252 Alfasado Inc. reported this vulnerability to IPA to notify users of its solution through JVN...
Linux Distros Unpatched Vulnerability : CVE-2021-21252
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package jquery-validation. jquery-validation before...
Malicious code in jquery-validation-utils (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2024-2569 Malicious code in jquery-validation-utils (npm)
--- -= Per source details. Do not edit below this line.=-...
io.github.ezadmin126:ezadmin-common (>=3.0.0 <=3.1.1), io.github.ezadmin126:ezadmin-core (>=2.9.12 <=2.11.5) +14 more potentially affected by CVE-2025-3573 via org.webjars:jquery-validation (>=1.12.0 <=1.19.5)
org.webjars:jquery-validation MAVEN version =1.12.0, =3.0.0, =2.9.12, =3.0.3, =3.0.0, =1.0.2, =2.9.7, =1.8, =1.7, =1.8, =1.7, =1.5, =1.4, =2.0, =2.0, =3.14, =3.25.0 and more Source cves: CVE-2025-3573 Source advisory: SNYK:JAVA-ORGWEBJARS-9788110...
Cross-site Scripting (XSS)
Overview org.webjars.npm:jquery-validation is a Client-side form validation made easy Affected versions of this package are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via...
org.webjars.bower:boosted (>=3.2.0 <=3.3.3), org.webjars.bower:jpkleemans-angular-validate (=1.1.1) +14 more potentially affected by CVE-2025-3573 via org.webjars.bower:jquery-validation (>=1.13.1 <=1.19.5)
org.webjars.bower:jquery-validation MAVEN version =1.13.1, =3.2.0, =0.1.13, =1.8.0, =2.6.0, =2.7.1, =2.9.1, =3.27.0, =3.28.2, =3.31.0 and more Source cves: CVE-2025-3573 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-9788112...
Cross-site Scripting (XSS)
Overview org.webjars.bower:jquery-validation is a Client-side form validation made easy Affected versions of this package are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via...
Cross-site Scripting (XSS)
Overview org.webjars:jquery-validation is a Client-side form validation made easy Affected versions of this package are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via...
@archey347/uf_blog (=0.0.0), @boldreports/angular-reporting-components (>=5.1.20 <=11.1.10) +19 more potentially affected by CVE-2025-3573 via jquery-validation (>=1.14.0 <=1.19.5)
jquery-validation NPM version =1.14.0, =5.1.20, =5.1.20, =5.1.20, =0.0.4, =4.0.0, =5.0.0, =0.0.2, =0.2.2, =3.0.0, =5.0.0, =5.0.0, =0.11.28, =0.0.8, =0.0.13 and more Source cves: CVE-2025-3573 Source advisory: SNYK:JS-JQUERYVALIDATION-5952285...
Cross-site Scripting (XSS)
Overview org.webjars.bowergithub.jquery-validation:jquery-validation is a Client-side form validation made easy Affected versions of this package are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will...
Cross-site Scripting (XSS)
Overview jquery-validation is a Client-side form validation made easy Affected versions of this package are vulnerable to Cross-site Scripting XSS in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages ...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-21252
Summary There is a vulnerability CVE-2021-21252 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-21252 DESCRIPTION: jQuery Validation Plugin is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw when validating...
WordPress Jquery Validation For Contact Form 7 plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...
CVE-2022-2144
The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...
CVE-2022-2144
The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...
CVE-2022-2144 Jquery Validation For Contact Form 7 < 5.3 - Arbitrary Options Update via CSRF
The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like defaultrole, userscanregister via a CSRF attack...
Regular Expression Denial Of Service (ReDoS)
jquery-validation is vulnerable to regular expression denial of service. The vulnerability exists in the url parse function in src/core.js, and due to insufficient regular expression complexity checks an attacker can cause a ReDoS when supplying input to the url parse function. This CVE exists du...
CVE-2022-31147
The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...
Input validation
The jQuery Validation Plugin jquery-validation provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service ReDoS when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix...