61 matches found

RedHat Linux
added 2021/11/09 5:49 p.m. · 2 views

jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces

A flaw was found in jquery in versions prior to 1.9.0. A cross-site scripting attack is possible as the load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character which results in the enclosed script logic to be executed. The highest threat from this vulnerability ...

6.1 CVSS · 6.6 AI score · 0.06273 EPSS
Exploits 4 · References 4
Veracode
added 2021/03/11 4:38 a.m. · 23 views

Arbitrary Code Execution

tenable-jira-cloud is vulnerable to arbitrary code execution. An attacker with local access to the host is able to run arbitrary commands through the yaml.load method by running the application with a malicious YAML file...

8.6 CVSS · 3.3 AI score · 0.00452 EPSS
Exploits 0 · References 5 · Affected Software 1
BDU FSTEC
added 2020/06/19 12:0 a.m. · 2 views

The vulnerability of the full_load method and the FullLoader loader from the PyYAML library allows an attacker to execute arbitrary code.

The vulnerability of the full_load method and the FullLoader loader from the PyYAML library exists due to insufficient validation of input data. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS · 7.2 AI score · 0.05299 EPSS
Exploits 1 · References 12 · Affected Software 5
OpenVAS
added 2020/05/26 12:0 a.m. · 197 views

jQuery < 1.9.0 XSS Vulnerability

jQuery is prone to a cross-site scripting (XSS) vulnerability via the load method. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

6.1 CVSS · 5.2 AI score · 0.06273 EPSS
Exploits 4 · References 1
OSV
added 2020/05/20 4:18 p.m. · 145 views

GHSA-Q4M3-2J7H-F7XW Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

6.1 CVSS · 5.8 AI score · 0.06273 EPSS
Exploits 4 · References 12
Github Security Blog
added 2020/05/20 4:18 p.m. · 688 views

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

6.1 CVSS · 6.2 AI score · 0.06273 EPSS
Exploits 4 · References 12 · Affected Software 3
RubySec
added 2020/05/20 12:0 a.m. · 25 views

Cross-Site Scripting in jquery

Versions of jquery prior to 1.9.0 are vulnerable to Cross-Site Scripting. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed. This allows attackers to execute arbitrary JavaScript in a...

6.1 CVSS · 7.4 AI score · 0.06273 EPSS
Exploits 4 · References 1 · Affected Software 1
OSV
added 2020/05/19 9:15 p.m. · 38 views

CVE-2020-7656

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

6.1 CVSS · 6 AI score
Exploits 0 · References 4
Prion
added 2020/05/19 9:15 p.m. · 27 views

Cross site scripting

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

4.3 CVSS · 5.9 AI score · 0.06273 EPSS
Exploits 4 · References 4 · Affected Software 4
OSV
added 2020/05/19 9:15 p.m. · 0 views

UBUNTU-CVE-2020-7656

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

6.1 CVSS · 6.8 AI score · 0.06273 EPSS
Exploits 4 · References 3
CVE
added 2020/05/19 12:0 a.m. · 900 views

CVE-2020-7656

CVE-2020-7656 affects jQuery versions prior to 1.9.0. The vulnerability arises from the load method failing to strip certain ), enabling cross‑site scripting. Public materials describe PoC/exploitation and public advisories/patch guidance (e.g., upgrade to 1.9.0+). The CVE is documented with an o...

6.1 CVSS · 4.9 AI score · 0.06273 EPSS
Exploits 4 · References 4 · Affected Software 1
Cvelist
added 2020/05/19 12:0 a.m. · 64 views

CVE-2020-7656

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "" HTML tags that contain a whitespace character, i.e: "", which results in the enclosed script logic to be executed...

6.2 AI score · 0.06273 EPSS
Exploits 4 · References 4
Positive Technologies
added 2020/05/19 12:0 a.m. · 4 views

PT-2020-6926 · Jquery +5

Name of the Vulnerable Software and Affected Versions: jquery versions prior to 1.9.0 Description: The issue allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove HTML tags that contain a whitespace character, i.e: , which results in the enclosed...

6.9 CVSS · 6.6 AI score · 0.87218 EPSS
Exploits 10 · References 77
OpenVAS
added 2020/04/30 12:0 a.m. · 16 views

Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2020-1527)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS · 7.9 AI score · 0.00794 EPSS
Exploits 4 · References 2
Tenable Nessus
added 2020/04/16 12:0 a.m. · 32 views

EulerOS Virtualization 3.0.2.2 : perl (EulerOS-SA-2020-1476)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-depende...

7.8 CVSS · 7.7 AI score · 0.03045 EPSS
Exploits 1 · References 4
Tenable Nessus
added 2020/02/24 12:0 a.m. · 61 views

EulerOS 2.0 SP5 : perl (EulerOS-SA-2020-1122)

According to the version of the perl packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execu...

7.8 CVSS · 7.9 AI score · 0.00794 EPSS
Exploits 1 · References 2
OSV
added 2020/02/19 4:15 a.m. · 1 views

DEBIAN-CVE-2019-20478

In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases...

9.8 CVSS · 9.3 AI score · 0.06586 EPSS
Exploits 0 · References 1
NVD
added 2020/02/19 4:15 a.m. · 23 views

CVE-2019-20478

In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases...

10 CVSS · 9.8 AI score · 0.06586 EPSS
Exploits 0 · References 1
Prion
added 2020/02/19 4:15 a.m. · 14 views

Remote code execution

In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases...

10 CVSS · 9.8 AI score · 0.06586 EPSS
Exploits 0 · References 1 · Affected Software 1
Debian CVE
added 2020/02/19 3:9 a.m. · 28 views

CVE-2019-20478

In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases...

10 CVSS · 9.1 AI score · 0.06586 EPSS
Exploits 0