Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jquery vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-31147
The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation before 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to...
Jqueryvalidation Jquery Validation
NA
CVE-2022-31160
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions before 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent lab...
Jqueryui Jquery Ui
Netapp H300s Firmware -
Netapp H500s Firmware -
Netapp H700s Firmware -
Netapp H410s Firmware -
Netapp H410c Firmware -
Netapp Oncommand Insight -
Drupal Jquery Ui Checkboxradio 8.x-1.2
Drupal Jquery Ui Checkboxradio 8.x-1.1
Drupal Jquery Ui Checkboxradio 8.x-1.0
Drupal Jquery Ui Checkboxradio 8.x-1.3
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
Debian Debian Linux 10.0
1 Github repository
6.5
CVSSv2
CVE-2021-20087
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.
Acemetrix Jquery-deparam 0.5.1
4.3
CVSSv2
CVE-2021-34663
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/jquery-tagline-rotator.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 0.1....
Arvtard Jquery Tagline Rotator
NA
CVE-2023-5430
The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
Gopiplus Jquery News Ticker
NA
CVE-2023-5464
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This ...
Gopiplus Jquery Accordion Slideshow
7.5
CVSSv2
CVE-2018-9207
Arbitrary file upload in jQuery Upload File <= 4.0.2
Hayageek Jquery Upload File
1 Github repository
NA
CVE-2023-5432
The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
Gopiplus Jquery News Ticker
NA
CVE-2023-4890
The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied att...
Designchemical Jquery Accordion Menu Widget
7.5
CVSSv2
CVE-2018-9208
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
Tuyoshi Jquery Picture Cut 1.1
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »