Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jquery vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-5737
Stored XSS in Tenable.Sc prior to 5.14.0 could allow an authenticated remote malicious user to craft a request to execute arbitrary script code in a user's browser session. Updated input validation techniques have been implemented to correct this issue.
Tenable Tenable.sc 5.14.0
Tenable Tenable.sc 5.14.1
7.5
CVSSv2
CVE-2019-9951
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware prior to 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/...
Western Digital My Cloud Mirror Gen 2 Firmware
Western Digital My Cloud Ex2 Ultra Firmware
Western Digital My Cloud Ex2100 Firmware
Western Digital My Cloud Ex4100
Western Digital My Cloud Dl2100
Western Digital My Cloud Dl4100 Firmware
Western Digital My Cloud Pr2100 Firmware
Western Digital My Cloud Pr4100
Western Digital My Cloud Firmware
1 Github repository
NA
CVE-2021-32860
iziModal is a modal plugin with jQuery. Versions before 1.6.1 are vulnerable to cross-site scripting (XSS) when handling untrusted modal titles. An attacker who is able to influence the field `title` when creating a `iziModal` instance is able to supply arbitrary `html` or `javas...
Izimodal Project Izimodal
NA
CVE-2023-1275
A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. This vulnerability affects unknown code of the file /osms/assets/plugins/jquery-validation-1.11.1/demo/captcha/index.php of the component CAPTCHA Handler. The manipulati...
Phone Shop Sales Managements System Project Phone Shop Sales Managements System 1.0
NA
CVE-2023-2582
A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access...
Strikingly Strikingly
NA
CVE-2023-2648
A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remote...
Weaver E-office 9.5
5 Github repositories
NA
CVE-2020-23064
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11023. Reason: This candidate is a duplicate of CVE-2020-11023. Notes: All CVE users should reference CVE-2020-11023 instead of this candidate. All references and descriptions in this candidate have been remo...
1 Article
3.3
CVSSv2
CVE-2018-1154
In SecurityCenter versions before 5.7.0, a username enumeration issue could allow an unauthenticated malicious user to automate the discovery of username aliases via brute force, ultimately facilitating unauthorized access. Server response output has been unified to correct this ...
Tenable Securitycenter
5.4
CVSSv2
CVE-2020-1722
A flaw was found in all ipa versions 4.x.x up to and including 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The ...
Freeipa Freeipa
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Enterprise Linux 8.0
5
CVSSv2
CVE-2020-10933
An issue exists in Ruby 2.5.x up to and including 2.5.7, 2.6.x up to and including 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the bu...
Ruby-lang Ruby
Ruby-lang Ruby 2.7.0
Fedoraproject Fedora 31
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »