
CVE-2022-30241
https://notcve.org/view.php?id=CVE-2022-30241
04 May 2022 — The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. • https://github.com/abodelot/jquery.json-viewer/pull/26 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-1291 – XSS vulnerability with default `onCellHtmlData` function in hhurz/tableexport.jquery.plugin
https://notcve.org/view.php?id=CVE-2022-1291
10 Apr 2022 — XSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party servers. • https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-23395
https://notcve.org/view.php?id=CVE-2022-23395
02 Mar 2022 — jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS). • https://security.netapp.com/advisory/ntap-20220325-0008 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2021-43862 – Self XSS on user input
https://notcve.org/view.php?id=CVE-2021-43862
30 Dec 2021 — jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added ... • https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •

CVE-2021-24543 – jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24543
21 Sep 2021 — The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. • https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2021-20083 – WordPress Core < 5.9.1 - jQuery Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-20083
23 Apr 2021 — Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. WordPress Core versions 5.9.0 through 5.9.1 suffer from a persistent cross site scripting vulnerabili... • http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2021-20086
https://notcve.org/view.php?id=CVE-2021-20086
23 Apr 2021 — Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. • https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-bbq.md • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2021-20084
https://notcve.org/view.php?id=CVE-2021-20084
23 Apr 2021 — Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. • https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-sparkle.md • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2020-7656 – jQuery 3.3.1 - Prototype Pollution & XSS Exploit
https://notcve.org/view.php?id=CVE-2020-7656
19 May 2020 — jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, which results in the enclosed script logic being executed. • https://packetstorm.news/files/id/190328 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2020-11023 – JQuery Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2020-11023
29 Apr 2020 — In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing