Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cpan

Resource-Pack-jQuery

cpan

Resource::Pack resource for the jQuery Javascript library

View on metacpan.org

Security Advisories for Resource-Pack-jQuery in cpan

Moderate
about 6 years ago

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be e... CPANSA-Resource-Pack-jQuery-2020-7656-jquery

cpan Resource-Pack-jQuery
Moderate
about 6 years ago

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may exec... CPANSA-Resource-Pack-jQuery-2020-11023-jquery

cpan Resource-Pack-jQuery
Moderate
about 6 years ago

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This proble... CPANSA-Resource-Pack-jQuery-2020-11022-jquery

cpan Resource-Pack-jQuery
Moderate
about 7 years ago

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the nat... CPANSA-Resource-Pack-jQuery-2019-11358-jquery

cpan Resource-Pack-jQuery
over 7 years ago

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, ... CPANSA-Resource-Pack-jQuery-2019-5428-jquery

cpan Resource-Pack-jQuery
Moderate
over 8 years ago

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CPANSA-Resource-Pack-jQuery-2015-9251-jquery

cpan Resource-Pack-jQuery
Moderate
over 8 years ago

jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for... CPANSA-Resource-Pack-jQuery-2012-6708-jquery

cpan Resource-Pack-jQuery
Moderate
over 8 years ago

jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. CPANSA-Resource-Pack-jQuery-2014-6071-jquery

cpan Resource-Pack-jQuery
about 13 years ago

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CPANSA-Resource-Pack-jQuery-2011-4969-jquery

cpan Resource-Pack-jQuery

Filter by Severity

Moderate 7