VYPR
Vendor: jQuery

Products: 1
CVEs: 12
Across products: 13
Status: Private

Products: 1

Recent CVEs: 12
  • CVE-2020-11022 | Med | Apr 29, 2020
    risk 0.49 | cvss 6.9 | epss 0.99

    In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

  • CVE-2024-30875 | Hig | Oct 17, 2024
    risk 0.48 | cvss 7.1 | epss 0.01

    Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it…

  • CVE-2014-6071 | Med | Jan 16, 2018
    risk 0.40 | cvss 6.1 | epss 0.02

    jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.

  • CVE-2020-11023 | KEV | Apr 29, 2020
    risk 0.15 | cvss | epss 0.84

    In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This…

  • CVE-2021-41182 | Oct 26, 2021
    risk 0.03 | cvss | epss 0.38

    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the…

  • CVE-2021-41183 | Oct 26, 2021
    risk 0.01 | cvss | epss 0.08

    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various…

  • CVE-2022-31160 | Jul 20, 2022
    risk 0.00 | cvss | epss 0.02

    jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent…

  • CVE-2021-41184 | Oct 26, 2021
    risk 0.00 | cvss | epss 0.43

    jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of`…

  • CVE-2020-7656 | May 19, 2020
    risk 0.00 | cvss | epss 0.06

    jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "", which results in the enclosed script logic to be executed.

  • CVE-2018-18405 | Apr 22, 2020
    risk 0.00 | cvss | epss 0.02

    jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry

  • CVE-2011-4969 | Mar 8, 2013
    risk 0.00 | cvss | epss 0.19

    Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

  • CVE-2007-2379 | Apr 30, 2007
    risk 0.00 | cvss | epss 0.03

    The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the…