Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cpan

App-Netdisco

cpan

An open source web-based network management tool.

View on metacpan.org

Security Advisories for App-Netdisco in cpan

High
about 4 years ago

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is... CPANSA-App-Netdisco-2022-24785-momentjs

cpan App-Netdisco
Moderate
about 6 years ago

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be e... CPANSA-App-Netdisco-2020-7656-jquery

cpan App-Netdisco
Moderate
about 6 years ago

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This proble... CPANSA-App-Netdisco-2020-11022-jquery

cpan App-Netdisco
Moderate
about 6 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may exec... CPANSA-App-Netdisco-2020-11023-jquery

cpan App-Netdisco
Moderate
about 7 years ago

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the nat... CPANSA-App-Netdisco-2019-11358-jquery

cpan App-Netdisco
over 7 years ago

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, ... CPANSA-App-Netdisco-2019-5428-jquery

cpan App-Netdisco
Moderate
over 8 years ago

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for... CPANSA-App-Netdisco-2012-6708-jquery

cpan App-Netdisco
Moderate
over 8 years ago

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CPANSA-App-Netdisco-2015-9251-jquery

cpan App-Netdisco
Moderate
over 8 years ago

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. CPANSA-App-Netdisco-2014-6071-jquery

cpan App-Netdisco
about 13 years ago

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CPANSA-App-Netdisco-2011-4969-jquery

cpan App-Netdisco

Filter by Severity

Moderate 7 High 1