Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jquery vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2021-37504
A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows malicious users to execute arbitrary web scripts or HTML via a crafted file with a Javascript payload in the file name.
Hayageek Jquery Upload File 4.0.11
5
CVSSv2
CVE-2021-21252
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Den...
Jqueryvalidation Jquery Validation
Netapp Snapcenter -
NA
CVE-2023-0171
The jQuery T(-) Countdown Widget WordPress plugin prior to 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored C...
Twinpictures Jquery T\\(-\\) Countdown Widget
5.8
CVSSv2
CVE-2015-7943
Open redirect vulnerability in the Overlay module in Drupal 7.x prior to 7.41, the jQuery Update module 7.x-2.x prior to 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x prior to 7.x-1.8 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing a...
Labjs Project Labjs 7.x-1.0
Jquery Update Project Jquery Update 7.x-2.3
Jquery Update Project Jquery Update 7.x-2.4
Jquery Update Project Jquery Update 7.x-2.5
Jquery Update Project Jquery Update 7.x-2.6
Drupal Drupal 7.0
Drupal Drupal 7.1
Drupal Drupal 7.15
Drupal Drupal 7.16
Drupal Drupal 7.17
Drupal Drupal 7.18
Drupal Drupal 7.31
Labjs Project Labjs 7.x-1.2
Labjs Project Labjs 7.x-1.7
Jquery Update Project Jquery Update 7.x-2.1
Drupal Drupal 7.2
Drupal Drupal 7.4
Drupal Drupal 7.11
Drupal Drupal 7.13
Drupal Drupal 7.20
Drupal Drupal 7.22
Drupal Drupal 7.27
4.3
CVSSv2
CVE-2020-7656
jquery before 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be...
Jquery Jquery
Oracle Peoplesoft Enterprise Peopletools 8.58
Netapp Snap Creator Framework -
Netapp Cloud Backup -
Netapp Oncommand System Manager
Netapp Active Iq Unified Manager -
Juniper Junos 21.2
3 Github repositories
NA
CVE-2020-23064
Cross Site Scripting vulnerability in jQuery 2.2.0 up to and including 3.x prior to 3.5.0 allows a remote malicious user to execute arbitrary code via the <options> element.
Jquery Jquery
Netapp Cloud Backup -
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software And Netapp Hci -
Netapp Brocade San Navigator -
Netapp Virtual Desktop Service -
1 Article
4.3
CVSSv2
CVE-2010-5312
Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI prior to 1.10.0 allows remote malicious users to inject arbitrary web script or HTML via the title option.
Debian Debian Linux 7.0
Jqueryui Jquery Ui
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Netapp Snapcenter -
Apache Drill 1.16.0
Drupal Drupal
Debian Debian Linux 9.0
1 Github repository
4.3
CVSSv2
CVE-2012-6662
Cross-site scripting (XSS) vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI prior to 1.10.0 allows remote malicious users to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the aut...
Redhat Enterprise Linux Server 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Hpc Node 7.0
Jqueryui Jquery Ui 1.10.0
NA
CVE-2021-4243
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-32850. Reason: This candidate is a duplicate of CVE-2021-32850. Notes: All CVE users should reference CVE-2021-32850 instead of this candidate. All references and descriptions in this candidate have been remo...
NA
CVE-2020-28488
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
1 Github repository
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »