Page 2 of 7 results (0.005 seconds)

CVSS: 6.1EPSS: 0%CPEs: 81EXPL: 1

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. jQuery en versiones anteriores a la 3.0.0 es vulnerable a ataques de Cross-site Scripting (XSS) cuando se realiza una petición Ajax de dominios cruzados sin la opción dataType. Esto provoca que se ejecuten respuestas de texto/javascript. • https://github.com/halkichi0308/CVE-2015-9251 http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00041.html http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html http://seclists.org/fulldisclosure/2019/May/10 http://seclists.org/fulldisclosure/2019/May/11 http://seclists.org/fulldisclosure/2019/May/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 1

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en jQuery antes de v1.6.3, cuando se seleccionan elementos location.hash, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una etiqueta hecha a mano. • http://blog.jquery.com/2011/09/01/jquery-1-6-3-released http://blog.mindedsecurity.com/2011/07/jquery-is-sink.html http://bugs.jquery.com/ticket/9521 http://www.openwall.com/lists/oss-security/2013/01/31/3 http://www.osvdb.org/80056 http://www.securityfocus.com/bid/58458 http://www.securitytracker.com/id/1036620 http://www.ubuntu.com/usn/USN-1722-1 https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9 https://h20566.www2.hpe.com/portal&#x • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •