Show filters
67 Total Results
Displaying 41-50 of 67
Sort by:
Attacker Value
Unknown

CVE-2021-20086

Disclosure Date: April 23, 2021 (last updated February 22, 2025)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-20084

Disclosure Date: April 23, 2021 (last updated February 22, 2025)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-20087

Disclosure Date: April 23, 2021 (last updated February 22, 2025)
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-28488

Disclosure Date: January 22, 2021 (last updated November 08, 2023)
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
0
0
Attacker Value
Unknown

CVE-2021-21252

Disclosure Date: January 13, 2021 (last updated February 22, 2025)
The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixed in 1.19.3.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2020-7656

Disclosure Date: May 19, 2020 (last updated February 21, 2025)
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2018-18405

Disclosure Date: April 22, 2020 (last updated February 21, 2025)
jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2014-8739

Disclosure Date: February 08, 2020 (last updated February 21, 2025)
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-9207

Disclosure Date: November 19, 2018 (last updated November 27, 2024)
Arbitrary file upload in jQuery Upload File <= 4.0.2
0
0
Attacker Value
Unknown

CVE-2018-9208

Disclosure Date: November 05, 2018 (last updated November 27, 2024)
Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta
0
0
View More Topics  < Previous  Next >