elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolumeMySQL) allows any logged-in user, including users with read-only access to the affected volume, to inject SQL through a crafted target file hash. Successful exploitation can lead to unauthorized dat…

CVSS: 8.8 · CWE: CWE-89

View on NVD

The HCL BigFix SCM Reporting site contains an outdated and unsupported version of the jQuery 1.x library. Since jQuery 1.x has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses and increase the risk of client-side attacks such as Cross-Site Scripting (XSS) or manipulation through vulnerable third-party components.

CVSS: 8.3 · CWE: CWE-1104

View on NVD

AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed in 2.1.16.

CVSS: 8.8 · CWE: CWE-79

View on NVD

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg (background color) parameter is accepted from user input and passed through image resize/rotate processing. In configurations that use the ImageMagick CLI backend, this value is incorporated into shell command st…

CVSS: 9.8 · CWE: CWE-78

View on NVD

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a stored cross-site scripting (XSS) vulnerability in the mailbox signature feature. The sanitization function `Helper::stripDangerousTags()` (`app/Misc/Helper.php:568`) uses an incomplete blocklist of only four HTML tags (`script`, `form`, `iframe`, `object`) and does not remove event handler attributes.…

CVSS: 8.5 · CWE: CWE-79

View on NVD

Deserialization of Untrusted Data vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows Object Injection.This issue affects JS Archive List: from n/a through <= 6.1.7.

CVSS: 8.8 · CWE: CWE-502

View on NVD

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves client-side DOM-based rendering via jQuery .html() in a completely different component (portal/sign/a…

CVSS: 7.7 · CWE: CWE-79

View on NVD

Blackcat CMS 1.4 contains a remote code execution vulnerability that allows authenticated administrators to upload malicious PHP files through the jquery plugin manager. Attackers can upload a zip file with a PHP shell script and execute arbitrary system commands by accessing the uploaded plugin's PHP file with a 'code' parameter.

CVSS: 7.2 · CWE: CWE-434

View on NVD

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Miguel Useche JS Archive List jquery-archive-list-widget allows SQL Injection.This issue affects JS Archive List: from n/a through < 6.1.6.

CVSS: 9.3 · CWE: CWE-89

View on NVD

The Work The Flow File Upload plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the jQuery-File-Upload-9.5.0 server and test files in versions up to, and including, 2.5.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected sites server which may make remote code execution possible.

CVSS: 9.8 · CWE: CWE-434

View on NVD

An unrestricted file upload vulnerability exists in BuilderEngine 3.5.0 via the integration of the elFinder 2.0 file manager and its use of the jQuery File Upload plugin. The plugin fails to properly validate or restrict file types or locations during upload operations, allowing an attacker to upload a malicious .php file and subsequently execute arbitrary PHP code on the server under the context…

CVSS: 9.3 · CWE: CWE-20

View on NVD

Cross-Site Request Forgery (CSRF) vulnerability in milat Milat jQuery Automatic Popup milat-jquery-automatic-popup allows Stored XSS.This issue affects Milat jQuery Automatic Popup: from n/a through <= 1.3.1.

CVSS: 7.1 · CWE: CWE-352

View on NVD

An arbitrary file upload vulnerability in the component /jquery-file-upload/server/php/index.php of Hospital Management System v4.0 allows an unauthenticated attacker to upload any file to the server and execute arbitrary code.

CVSS: 9.8 · CWE: CWE-94

View on NVD

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 1pluginjquery ZooEffect 1-jquery-photo-gallery-slideshow-flash allows Reflected XSS.This issue affects ZooEffect: from n/a through <= 1.11.

CVSS: 7.1 · CWE: CWE-79

View on NVD

Cross-Site Request Forgery (CSRF) vulnerability in Sana Ullah jQuery Dropdown Menu jquery-drop-down-menu-plugin allows Stored XSS.This issue affects jQuery Dropdown Menu: from n/a through <= 3.0.

CVSS: 7.1 · CWE: CWE-352

View on NVD

Cross-Site Request Forgery (CSRF) vulnerability in bhzad WP jQuery Persian Datepicker wpjqp-datepicker allows Stored XSS.This issue affects WP jQuery Persian Datepicker: from n/a through <= 0.1.0.

CVSS: 7.1 · CWE: CWE-352

View on NVD

The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript fi…

CVSS: 8.2 · CWE: CWE-494

View on NVD

Cross Site Scripting vulnerability in JavaScript Library jquery-ui v.1.13.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the window.addEventListener component. NOTE: this is disputed by the Supplier because it cannot be reproduced, and because the exploitation example does not indicate whether, or how, the example website is using jQ…

CVSS: 7.1 · CWE: CWE-79

View on NVD

Vulnerability in the Scriptcase application version 9.4.019, which involves the arbitrary upload of a file via /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ via a POST request. An attacker could upload malicious files to the server due to the application not properly verifying user input.

CVSS: 10.0 · CWE: CWE-434

View on NVD

Under certain circumstances the camera may be susceptible to known vulnerabilities associated with the JQuery versions prior to 3.5.0 third-party component

CVSS: 7.0 · CWE: N/A

View on NVD

A JQuery Unrestricted Arbitrary File Upload vulnerability was discovered in Hospital Management System V4.0 which allows an unauthenticated attacker to upload any file to the server.

CVSS: 9.8 · CWE: CWE-434

View on NVD

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries i…

CVSS: 8.8 · CWE: CWE-89

View on NVD

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into alre…

CVSS: 8.8 · CWE: CWE-89

View on NVD

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to supply arbitrary input to the url2 method. This is due to an incomplete fix for CVE-2021-43306. Users should upgrade to version 1.19.5 to receive a patch.

CVSS: 7.5 · CWE: CWE-1333

View on NVD

The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.

CVSS: 9.8 · CWE: CWE-434

View on NVD

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of sanitization and use of ``jQuery.html()``, there are a whole host of cross-site scripting possibilities with specially crafted input to a variety of fields. This issue is patched in version 5.11.0. There a…

CVSS: 9.8 · CWE: CWE-116

View on NVD

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with minimal configuration. The issues were patched in version 2.1.59. As a workaround, ensure the connector is not exposed w…

CVSS: 9.8 · CWE: CWE-22

View on NVD

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-bbq 1.2.1 allows a malicious user to inject properties into Object.prototype.

CVSS: 8.8 · CWE: CWE-1321

View on NVD

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.

CVSS: 8.8 · CWE: CWE-1321

View on NVD

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-deparam 0.5.1 allows a malicious user to inject properties into Object.prototype.

CVSS: 8.8 · CWE: CWE-1321

View on NVD

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in jquery-sparkle 1.5.2-beta allows a malicious user to inject properties into Object.prototype.

CVSS: 8.8 · CWE: CWE-1321

View on NVD

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) via arbitrary script execution. Admin access is required to exploit this vulnerability. The affected components are: content_fields.php, content_info.php, content_options.php, content_related.php, index_list_tree.php, jquery.bcTree.js. The issue is fixed in version 4.3.7.

CVSS: 7.3 · CWE: CWE-79

View on NVD

In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable due to the usage of old jQuery libraries.

CVSS: 7.2 · CWE: CWE-477

View on NVD

Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contact Form) before 1.0.0 for WordPress and before 2.0.1 for Joomla!, allows remote attackers to execute arbitrary code by uploading a PHP file with an PHP extension, then accessing it via a direct request…

CVSS: 9.8 · CWE: CWE-434

View on NVD

An insecure component vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. Magento 2 codebase leveraged outdated versions of JS libraries (Bootstrap, jquery, Knockout) with known security vulnerabilities.

CVSS: 9.8 · CWE: N/A

View on NVD

The ACF-Frontend-Display plugin through 2015-07-03 for WordPress has arbitrary file upload via an action=upload request to js/blueimp-jQuery-File-Upload-d45deb1/server/php/index.php.

CVSS: 9.8 · CWE: CWE-434

View on NVD

Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100, My Cloud DL4100, My Cloud PR2100 and My Cloud PR4100 firmware before 2.31.174 is affected by an unauthenticated file upload vulnerability. The page web/jquery/uploader/uploadify.php can be accessed without any credentials, and allows uploading arbitrary files to any location on t…

CVSS: 9.8 · CWE: CWE-434

View on NVD

Arbitrary file upload in jQuery Upload File <= 4.0.2

CVSS: 9.8 · CWE: CWE-434

View on NVD

Unauthenticated arbitrary file upload vulnerability in jQuery Picture Cut <= v1.1Beta

CVSS: 9.8 · CWE: CWE-434

View on NVD

Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0

CVSS: 9.8 · CWE: CWE-434

View on NVD

`jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

CVSS: 7.5 · CWE: CWE-506

View on NVD

In Jupyter Notebook before 5.4.1, a maliciously forged notebook file can bypass sanitization to execute JavaScript in the notebook context. Specifically, invalid HTML is 'fixed' by jQuery after sanitization, making it dangerous.

CVSS: 7.8 · CWE: N/A

View on NVD

jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an infinite recursion, exceeding the stack call limit.

CVSS: 7.5 · CWE: CWE-674

View on NVD

An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to place a file anywhere on the device's file system. This allows an attacker the ability to upload a PHP shell onto the device and obtain arbitrary…

CVSS: 9.8 · CWE: CWE-287

View on NVD

SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS: 7.5 · CWE: CWE-89

View on NVD