CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 0CVE-2014-6071
https://notcve.org/view.php?id=CVE-2014-6071
16 Jan 2018 — jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. jQuery 1.4.2 permite que atacantes remotos lleven a cabo ataques de Cross-Site Scripting (XSS) mediante vectores relacionados con el uso del método text en la función after. • http://seclists.org/fulldisclosure/2014/Sep/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 73EXPL: 0CVE-2015-7943
https://notcve.org/view.php?id=CVE-2015-7943
18 Oct 2017 — Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. Vulnerabilidad de redirección abierta en el módulo Overlay en Drupal 7.x anterior a 7.41, el módulo jQuery Update 7.x-2.x anterior a... • http://www.debian.org/security/2017/dsa-3897 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1CVE-2015-2089 – CrossSlide jQuery Plugin <= 2.0.5 - Multiple Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-2089
09 Feb 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) csj_width, (3) csj_height, (4) csj_sleep, (5) csj_fade, or (6) upload_image parameter in the thisismyurl_csj.php page to wp-admin/options-general.php. Múltiples vulnerabilidades de CSRF e... • http://packetstormsecurity.com/files/130313/WordPress-Cross-Slide-2.0.5-Cross-Site-Request-Forgery-Cross-Site-Scripting.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 78%CPEs: 3EXPL: 2CVE-2014-8739 – Creative Contact Form < 1.0.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-8739
23 Oct 2014 — Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. Una vulnerabilidad de carga de archivos sin res... • https://www.exploit-db.com/exploits/36811 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.6EPSS: 4%CPEs: 3EXPL: 1CVE-2011-4969 – HP Security Bulletin HPSBHF03440 1
https://notcve.org/view.php?id=CVE-2011-4969
13 Feb 2013 — Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en jQuery antes de v1.6.3, cuando se seleccionan elementos location.hash, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una etiqueta hecha a mano. Multiple potential security vulnerabilities have been identified wi... • http://blog.jquery.com/2011/09/01/jquery-1-6-3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2007-2379
https://notcve.org/view.php?id=CVE-2007-2379
30 Apr 2007 — The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." El marco de desarrollo jQuery intercambia datos utilizando JavaScript Object Notation (JSON) sin un esquema de protección asociado, lo cual permite a atacantes remotos obten... • http://osvdb.org/43320 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •