Vulmon
jquery vulnerabilities and exploits
6.1
CVSSv3
CVE-2019-12308
An issue exists in Django 1.11 prior to 1.11.21, 2.1 prior to 2.1.9, and 2.2 prior to 2.2.2. The clickable Current URL value displayed by the AdminURLFieldWidget displays the provided value without validating it as a safe URL. Thus, an unvalidated value stored in the database, or...
Djangoproject Django
6.1
CVSSv3
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and prior to 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuer...
Jquery Jquery
Drupal Drupal
Debian Debian Linux 9.0
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Oracle Weblogic Server 12.1.3.0.0
Oracle Jdeveloper 11.1.1.9.0
Oracle Retail Back Office 14.1
Oracle Retail Back Office 14.0
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Weblogic Server 10.3.6.0.0
Oracle Communications Webrtc Session Controller 7.2
Oracle Weblogic Server 12.2.1.3.0
Oracle Agile Product Lifecycle Management For Process 6.2.0.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Application Testing Suite 13.3.0.1
Oracle Retail Returns Management 14.0
Oracle Retail Returns Management 14.1
Oracle Jdeveloper 12.2.1.3.0
Oracle Policy Automation Connector For Siebel 10.4.6
Oracle Financial Services Market Risk Measurement And Management 8.0.6
13 Github repositories
6.1
CVSSv3
CVE-2022-23395
jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).
Jquery.cookie Project Jquery.cookie 1.4.1
NA
CVE-2010-0760
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote malicious users to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and ...
Greatjoomla Scriptegrator Plugin 1.4.1
1 EDB exploit
7.8
CVSSv3
CVE-2016-2542
Untrusted search path vulnerability in Flexera InstallShield through 2015 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory of a setup-launcher executable file.
Flexera Installshield
Flexera Installshield 2015
7.2
CVSSv3
CVE-2020-6978
In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.
Honeywell Win-pak
6.1
CVSSv3
CVE-2021-44030
Quest KACE Desktop Authority prior to 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery.
Quest Kace Desktop Authority
6.1
CVSSv3
CVE-2015-9444
The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF.
Altosresearch Altos-connect 1.3.0
NA
CVE-2013-1942
Multiple cross-site scripting (XSS) vulnerabilities in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer prior to 2.2.20, as used in ownCloud Server prior to 5.0.4 and other products, allow remote malicious users to inject arbitrary web script or HTML vi...
Happyworm Jplayer 2.1.6
Happyworm Jplayer 2.1.0
Happyworm Jplayer 2.0.7
Happyworm Jplayer 2.0.8
Happyworm Jplayer 2.0.16
Happyworm Jplayer 2.0.17
Happyworm Jplayer 2.0.24
Happyworm Jplayer 2.0.25
Happyworm Jplayer 2.0.32
Happyworm Jplayer 2.0.33
Happyworm Jplayer 2.1.4
Happyworm Jplayer 2.1.5
Happyworm Jplayer 2.0.5
Happyworm Jplayer 2.0.6
Happyworm Jplayer 2.0.13
Happyworm Jplayer 2.0.14
Happyworm Jplayer 2.0.15
Happyworm Jplayer 2.0.22
Happyworm Jplayer 2.0.23
Happyworm Jplayer 2.0.30
Happyworm Jplayer 2.0.31
Happyworm Jplayer 1.1.1
1 EDB exploit
NA
CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension prior to 0.0.9 for TYPO3 allows remote malicious users to execute arbitrary SQL commands via unspecified vectors.
Raphael Zschorsch Rzautocomplete 0.0.2
Raphael Zschorsch Rzautocomplete 0.0.7
Raphael Zschorsch Rzautocomplete 0.0.8
Raphael Zschorsch Rzautocomplete 0.0.5
Raphael Zschorsch Rzautocomplete 0.0.6
Raphael Zschorsch Rzautocomplete 0.0.3
Raphael Zschorsch Rzautocomplete 0.0.4