Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jquery jquery vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-8768
In Jupyter Notebook prior to 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
Jupyter Notebook
4.3
CVSSv2
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and previous versions, 7.9.1 and previous versions, and 8.0.0-M8 and previous versions, a security issue has been discovered in the WYSIWYG editor that allows an malicious user to submit arbitrary JS code to WYSIWYG editor.
Wicket-jquery-ui Project Wicket-jquery-ui
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.2.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.3.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.9.0
Wicket-jquery-ui Project Wicket-jquery-ui 8.0.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.2
Wicket-jquery-ui Project Wicket-jquery-ui 7.1.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.4.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.5.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.6.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.7.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.2.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.3.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.8.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.9.1
4.3
CVSSv2
CVE-2017-6929
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4....
Drupal Drupal
Debian Debian Linux 7.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
4.3
CVSSv2
CVE-2012-6708
jQuery prior to 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' char...
Jquery Jquery
1 Github repository
5
CVSSv2
CVE-2016-10707
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
Jquery Jquery 3.0.0
2 Github repositories
4.3
CVSSv2
CVE-2014-6071
jQuery 1.4.2 allows remote malicious users to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
Jquery Jquery 1.4.2
10
CVSSv2
CVE-2017-17560
An issue exists on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device...
Westerndigital My Cloud Pr4100 Firmware 2.30.172
1 EDB exploit
5
CVSSv2
CVE-2017-1000170
jqueryFileTree 2.1.5 and older Directory Traversal
Jqueryfiletree Project Jqueryfiletree
1 Github repository
5.8
CVSSv2
CVE-2015-7943
Open redirect vulnerability in the Overlay module in Drupal 7.x prior to 7.41, the jQuery Update module 7.x-2.x prior to 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x prior to 7.x-1.8 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing a...
Labjs Project Labjs 7.x-1.0
Jquery Update Project Jquery Update 7.x-2.3
Jquery Update Project Jquery Update 7.x-2.4
Jquery Update Project Jquery Update 7.x-2.5
Jquery Update Project Jquery Update 7.x-2.6
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.31
Labjs Project Labjs 7.x-1.2
Labjs Project Labjs 7.x-1.7
Jquery Update Project Jquery Update 7.x-2.1
Drupal Drupal 7.2
Drupal Drupal 7.4
Drupal Drupal 7.11
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.22
Drupal Drupal 7.27
4.3
CVSSv2
CVE-2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI prior to 1.12.0 might allow remote malicious users to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Jqueryui Jquery Ui
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Hospitality Cruise Fleet Management 9.0.11
Oracle Application Express
Oracle Primavera Unifier
Oracle Siebel Ui Framework
Oracle Oss Support Tools
Oracle Oss Support Tools 2.12.42
Fedoraproject Fedora 30
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Snapcenter -
Redhat Openstack 7.0
Redhat Openstack 9
Redhat Openstack 8
Juniper Junos 21.2
Debian Debian Linux 9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »