Show filters
6 Total Results
Displaying 1-6 of 6
Sort by:
Attacker Value
Moderate
CVE-2015-9251
Disclosure Date: January 18, 2018 (last updated November 08, 2023)
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
6
Attacker Value
Low
CVE-2019-11358
Disclosure Date: April 20, 2019 (last updated February 17, 2024)
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
6
Attacker Value
Unknown
CVE-2019-0227
Disclosure Date: May 01, 2019 (last updated November 08, 2023)
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
0
Attacker Value
Unknown
CVE-2018-8032
Disclosure Date: August 02, 2018 (last updated November 08, 2023)
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
0
Attacker Value
Unknown
CVE-2018-1257
Disclosure Date: May 11, 2018 (last updated November 26, 2024)
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
0
Attacker Value
Unknown
CVE-2006-6573
Disclosure Date: December 15, 2006 (last updated October 04, 2023)
Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors.
0