
CVSS: 7.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers.

• https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9 https://huntr.dev/bounties/49a14371-6058-47dd-9801-ec38a7459fc5
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).

• https://security.netapp.com/advisory/ntap-20220325-0008 https://snyk.io/test/npm/jquery.cookie/1.4.1?tab=issues
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for the XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from the URL, the attacker can use this URL to execute their code. The scope is limited because the JavaScript attribute used is added to a span tag, so no automatic execution like with `onerror` on images is possible.

• https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5 https://github.com/jcubic/jquery.terminal/issues/727 https://github.com/jcubic/jquery.terminal/releases/tag/2.31.1 https://github.com/jcubic/jquery.terminal/security/advisories/GHSA-x9r5-jxvq-4387
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue.

• https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'); CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 21% • CPEs: 1 • EXPL: 1

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.

• http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-query-object.md https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7CR6VGITIB2TXXZ6B5QRRWPU5S4BXQPD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJX6NVXSRN3RX3YUVEJQ4WUTQSDL3DSR
• CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes; CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')