1 | 6.1 | 4.3 | MEDIUM | Network | jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e.: "</script >… | CWE-79 | Cross-site Scripting | CVE-2020-7656 | cpe:2.3:a:jquery:jquery:*:* | | | | 1.9.0 | 2023-06-23 04:49 | 2020-05-20
2 | 6.1 | 4.3 | MEDIUM | Network | In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append()… | CWE-79 | Cross-site Scripting | CVE-2020-11022 | cpe:2.3:a:jquery:jquery:*:* | 1.2 | | | 3.5.0 | 2023-11-7 12:14 | 2020-04-30
3 | 6.1 | 4.3 | MEDIUM | Network | In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation m… | CWE-79 | Cross-site Scripting | CVE-2020-11023 | cpe:2.3:a:jquery:jquery:*:* | 1.0.3 | | | 3.5.0 | 2023-11-7 12:14 | 2020-04-30
4 | 6.1 | 4.3 | MEDIUM | Network | jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be a spam entry | CWE-79 | Cross-site Scripting | CVE-2018-18405 | cpe:2.3:a:jquery:jquery:2.2.2:* | | | | | 2024-05-17 10:25 | 2020-04-23
5 | 6.1 | 4.3 | MEDIUM | Network | jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an e… | CWE-1321 | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | CVE-2019-11358 | cpe:2.3:a:jquery:jquery:*:* | | | | 3.4.0 | 2024-02-17 01:32 | 2019-04-20
6 | 7.5 | 5.0 | HIGH | Network | jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an i… | CWE-674 | Uncontrolled Recursion | CVE-2016-10707 | cpe:2.3:a:jquery:jquery:3.0.0:rc1 | | | | | 2024-02-10 11:43 | 2018-01-19
7 | 6.1 | 4.3 | MEDIUM | Network | jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | CWE-79 | Cross-site Scripting | CVE-2015-9251 | cpe:2.3:a:jquery:jquery:*:* | | | | 3.0.0 | 2023-11-7 11:28 | 2018-01-19
8 | 6.1 | 4.3 | MEDIUM | Network | jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery… | CWE-79 | Cross-site Scripting | CVE-2012-6708 | cpe:2.3:a:jquery:jquery:*:* | | | | 1.9.0 | 2023-11-7 11:13 | 2018-01-19
9 | 6.1 | 4.3 | MEDIUM | Network | jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. | CWE-79 | Cross-site Scripting | CVE-2014-6071 | cpe:2.3:a:jquery:jquery:1.4.2:* | | | | | 2018-12-1 06:29 | 2018-01-17
10 | - | 4.3 | MEDIUM | | Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. | CWE-79 | Cross-site Scripting | CVE-2011-4969 | cpe:2.3:a:jquery:jquery:1.6:* cpe:2.3:a:jquery:jquery:1.6.1:* cpe:2.3:a:jquery:jquery:*:* | | 1.6.2 | | | 2023-11-7 11:09 | 2013-03-9