CVSS: 6.1 | EPSS: 0% | CPEs: 81 | EXPL: 1

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

• https://github.com/halkichi0308/CVE-2015-9251
• http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html
• http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
• http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
• http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
• http://seclists.org/fulldisclosure/2019/May/10
• http://seclists.org/fulldisclosure/2019/May/11
• http://seclists.org/fulldisclosure/2019/May/1

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 73 | EXPL: 0

Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233.

• http://www.debian.org/security/2017/dsa-3897
• http://www.securityfocus.com/bid/77293
• https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2015-10-21/drupal-core-overlay-less-critical
• https://www.drupal.org/node/2598426
• https://www.drupal.org/node/2598434

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 1

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

• http://blog.jquery.com/2011/09/01/jquery-1-6-3-released
• http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html
• http://bugs.jquery.com/ticket/9521
• http://www.openwall.com/lists/oss-security/2013/01/31/3
• http://www.osvdb.org/80056
• http://www.securityfocus.com/bid/58458
• http://www.securitytracker.com/id/1036620
• http://www.ubuntu.com/usn/USN-1722-1
• https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
• https://h20566.www2.hpe.com/portal&#x

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')