Количество 1 988
Количество 1 988
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...
GHSA-6c3j-c64m-qhgq
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVE-2019-11358
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | CVSS3: 6.1 | 27% Средний | почти 6 лет назад |
 | CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | CVSS3: 6.9 | 27% Средний | почти 6 лет назад |
| CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ... | CVSS3: 6.9 | 27% Средний | почти 6 лет назад |
| GHSA-6c3j-c64m-qhgq XSS in jQuery as used in Drupal, Backdrop CMS, and other products | CVSS3: 6.1 | 4% Низкий | почти 7 лет назад |
 | CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | CVSS3: 6.1 | 4% Низкий | почти 7 лет назад |
| CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | CVSS3: 5.6 | 4% Низкий | почти 7 лет назад |
| CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. | CVSS3: 6.1 | 4% Низкий | почти 7 лет назад |
| CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ... | CVSS3: 6.1 | 4% Низкий | почти 7 лет назад |
Уязвимостей на страницу