Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jquery jquery vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-14042
In Bootstrap prior to 4.1.2, XSS is possible in the data-container property of tooltip.
Getbootstrap Bootstrap
Getbootstrap Bootstrap 4.0.0
2 Github repositories
4.3
CVSSv2
CVE-2018-1325
In Apache wicket-jquery-ui <= 6.29.0, <= 7.10.1, <= 8.0.0-M9.1, JS code created in WYSIWYG editor will be executed on display.
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.0
Wicket-jquery-ui Project Wicket-jquery-ui 8.0.0
Wicket-jquery-ui Project Wicket-jquery-ui
6.8
CVSSv2
CVE-2018-8768
In Jupyter Notebook prior to 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.
Jupyter Notebook
4.3
CVSSv2
CVE-2017-15719
In Wicket jQuery UI 6.28.0 and previous versions, 7.9.1 and previous versions, and 8.0.0-M8 and previous versions, a security issue has been discovered in the WYSIWYG editor that allows an malicious user to submit arbitrary JS code to WYSIWYG editor.
Wicket-jquery-ui Project Wicket-jquery-ui
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.0.2
Wicket-jquery-ui Project Wicket-jquery-ui 7.1.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.2.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.2.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.3.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.3.1
Wicket-jquery-ui Project Wicket-jquery-ui 7.4.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.5.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.6.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.7.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.8.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.9.0
Wicket-jquery-ui Project Wicket-jquery-ui 7.9.1
Wicket-jquery-ui Project Wicket-jquery-ui 8.0.0
4.3
CVSSv2
CVE-2017-6929
A jQuery cross site scripting vulnerability is present when making Ajax requests to untrusted domains. This vulnerability is mitigated by the fact that it requires contributed or custom modules in order to exploit. For Drupal 8, this vulnerability was already fixed in Drupal 8.4....
Drupal Drupal
Debian Debian Linux 8.0
Debian Debian Linux 7.0
Debian Debian Linux 9.0
5
CVSSv2
CVE-2016-10707
jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.
Jquery Jquery 3.0.0
2 Github repositories
4.3
CVSSv2
CVE-2012-6708
jQuery prior to 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' char...
Jquery Jquery
1 Github repository
4.3
CVSSv2
CVE-2014-6071
jQuery 1.4.2 allows remote malicious users to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
Jquery Jquery 1.4.2
10
CVSSv2
CVE-2017-17560
An issue exists on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device...
Westerndigital My Cloud Pr4100 Firmware 2.30.172
1 EDB exploit
5
CVSSv2
CVE-2017-1000170
jqueryFileTree 2.1.5 and older Directory Traversal
Jqueryfiletree Project Jqueryfiletree
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
6
7
8
9
10
NEXT »