CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43862 – Self XSS on user input
https://notcve.org/view.php?id=CVE-2021-43862
30 Dec 2021 — jQuery Terminal Emulator is a plugin for creating command line interpreters in your applications. Versions prior to 2.31.1 contain a low impact and limited cross-site scripting (XSS) vulnerability. The code for XSS payload is always visible, but an attacker can use other techniques to hide the code the victim sees. If the application uses the `execHash` option and executes code from URL, the attacker can use this URL to execute their code. The scope is limited because the javascript attribute used is added ... • https://github.com/jcubic/jquery.terminal/commit/77eb044d0896e990d48a9157f0bc6648f81a84b5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24543 – jQuery Reply to Comment <= 1.31 - CSRF to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24543
21 Sep 2021 — The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. El plugin jQuery Reply to Comment de WordPress versiones hasta 1.31, no presenta ninguna comprobación de CSRF cuando guarda sus ajustes, ni sanea o escapa de sus ajustes "Quote String" y "Reply String" antes de mostrarlos en los comentarios, con... • https://wpscan.com/vulnerability/aa23f743-811b-4fd1-81a9-42916342e312 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 2%CPEs: 1EXPL: 1CVE-2021-20083 – WordPress Core < 5.9.1 - jQuery Prototype Pollution
https://notcve.org/view.php?id=CVE-2021-20083
23 Apr 2021 — Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. Una Modificación Controlada Inapropiadamente de Object Prototype Attributes ("Prototype Pollution") en jquery-plugin-query-object versión 2.2.3, permite a un usuario malicioso inyectar propiedades en Object.prototype WordPress Core versions 5.9.0 through 5.9.1 suffer from a persistent cross site scripting vulnerabili... • http://packetstormsecurity.com/files/166299/WordPress-Core-5.9.0-5.9.1-Cross-Site-Scripting.html • CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-20086
https://notcve.org/view.php?id=CVE-2021-20086
23 Apr 2021 — Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype. Una Modificación Controlada Inapropiadamente de Object Prototype Attributes ("Prototype Pollution") en jquery-bbq versión 1.2.1, permite a un usuario malicioso inyectar propiedades en Object.prototype • https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-bbq.md • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-20084
https://notcve.org/view.php?id=CVE-2021-20084
23 Apr 2021 — Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype. Una Modificación Controlada Inapropiadamente de Object Prototype Attributes("Prototype Pollution") en jquery-sparkle versión 1.5.2-beta, permite a un usuario malicioso inyectar propiedades en Object.prototype • https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/jquery-sparkle.md • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 2CVE-2020-7656 – jquery: Cross-site scripting (XSS) via <script> HTML tags containing whitespaces
https://notcve.org/view.php?id=CVE-2020-7656
19 May 2020 — jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "", which results in the enclosed script logic to be executed. jquery versiones anteriores a 1.9.0, permite ataques de tipo Cross-site Scripting por medio del método de carga. El método de carga presenta un fallo al reconocer y eliminar las etiquetas HTML "(script)" que contienen un carácter de espacio en blanco,... • https://github.com/ossf-cve-benchmark/CVE-2020-7656 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.9EPSS: 2%CPEs: 206EXPL: 6CVE-2020-11022 – Potential XSS vulnerability in jQuery
https://notcve.org/view.php?id=CVE-2020-11022
29 Apr 2020 — In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. En las versiones de jQuery mayores o iguales a 1.2 y anteriores a la versión 3.5.0, se puede ejecutar HTML desde fuentes no seguras, incluso después de desinfectarlo, a uno de los métodos de manipulación DOM de jQuery (es decir .h... • https://packetstorm.news/files/id/162159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 9%CPEs: 81EXPL: 8CVE-2020-11023 – JQuery Cross-Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2020-11023
29 Apr 2020 — In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18405
https://notcve.org/view.php?id=CVE-2018-18405
22 Apr 2020 — jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry ** EN DISPUTA ** jQuery v2.2.2 permite XSS a través de un atributo de error diseñado de un elemento IMG. NOTA: se ha informado que esta vulnerabilidad es una entrada de spam. • https://gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 218EXPL: 7CVE-2019-11358 – jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection
https://notcve.org/view.php?id=CVE-2019-11358
19 Apr 2019 — jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminación de Object.prototype. Si un objeto fuente no sanitizado contenía una propi... • https://github.com/isacaya/CVE-2019-11358 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •