Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jquery jquery - vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-20086
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.
Jquery-bbq Project Jquery-bbq 1.2.1
1 Github repository
6.8
CVSSv2
CVE-2015-2089
Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote malicious users to hijack the authentication of administrators for requests that (1) change plugin settings or cond...
Crossslide Jquery Project Crossslide Jquery 2.0.5
7.5
CVSSv2
CVE-2018-9206
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Jquery File Upload Project Jquery File Upload
3 EDB exploits
7 Github repositories
4.3
CVSSv2
CVE-2022-30241
The jquery.json-viewer library up to and including 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element.
Jquery Json-viewer Project Jquery Json-viewer
5
CVSSv2
CVE-2015-1840
jquery_ujs.js in jquery-rails prior to 3.1.3 and 4.x prior to 4.0.4 and rails.js in jquery-ujs prior to 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote malicious users to bypass the Same Origin Policy, and trigger transmission of a CSRF token to a different-domain web...
Fedoraproject Fedora 22
Fedoraproject Fedora 21
Rubyonrails Jquery-rails 4.0.0
Rubyonrails Jquery-rails
Rubyonrails Jquery-rails 4.0.1
Rubyonrails Jquery-ujs
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
4.3
CVSSv2
CVE-2021-24543
The jQuery Reply to Comment WordPress plugin up to and including 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Sit...
Jquery-reply-to-comment Project Jquery-reply-to-comment
6.5
CVSSv2
CVE-2021-20083
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
Jquery-plugin-query-object Project Jquery-plugin-query-object 2.2.3
4.3
CVSSv2
CVE-2022-2144
The Jquery Validation For Contact Form 7 WordPress plugin prior to 5.3 does not have CSRF check in place when updating its settings, which could allow malicious users to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attack
Jquery Validation For Contact Form 7 Project Jquery Validation For Contact Form 7
7.5
CVSSv2
CVE-2014-8739
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) prior to 1.0.0 for WordPress and prior to 2.0.1 for Joomla!, allows remot...
Creative-solutions Creative Contact Form
Jquery File Upload Project Jquery File Upload 6.4.4
2 EDB exploits
1 Github repository
5
CVSSv2
CVE-2021-43306
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method
Jqueryvalidation Jquery Validation
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »