CVSS: 9.8EPSS: 78%CPEs: 3EXPL: 2CVE-2014-8739 – Creative Contact Form < 1.0.0 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-8739
23 Oct 2014 — Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request to the file in files/, as exploited in the wild in October 2014. Una vulnerabilidad de carga de archivos sin res... • https://www.exploit-db.com/exploits/36811 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.6EPSS: 4%CPEs: 3EXPL: 1CVE-2011-4969 – HP Security Bulletin HPSBHF03440 1
https://notcve.org/view.php?id=CVE-2011-4969
08 Mar 2013 — Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en jQuery antes de v1.6.3, cuando se seleccionan elementos location.hash, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de una etiqueta hecha a mano. Multiple potential security vulnerabilities have been identified wi... • http://blog.jquery.com/2011/09/01/jquery-1-6-3-released • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 0CVE-2007-2379
https://notcve.org/view.php?id=CVE-2007-2379
30 Apr 2007 — The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." El marco de desarrollo jQuery intercambia datos utilizando JavaScript Object Notation (JSON) sin un esquema de protección asociado, lo cual permite a atacantes remotos obten... • http://osvdb.org/43320 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •