Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

1 – 10 of 24 results


CVE-2021-32850

Medium priority
Needs evaluation

jQuery MiniColors is a color picker built on jQuery. Prior to version 2.3.6, jQuery MiniColors is prone to cross-site scripting when handling untrusted color names. This issue is patched in version 2.3.6.

1 affected packages

jquery-minicolors

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jquery-minicolors Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2022-31160

Medium priority

Some fixes available 3 of 4

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed Not affected
Show less packages

CVE-2022-31147

Medium priority
Needs evaluation

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. Versions of jquery-validation prior to 1.19.5 are vulnerable to regular expression denial of service (ReDoS) when an attacker is able to...

3 affected packages

civicrm, jquery, node-jquery

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
civicrm Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
jquery Not in release Not in release Not affected Not affected Not affected
node-jquery Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-43306

Medium priority
Needs evaluation

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method

3 affected packages

civicrm, jquery, node-jquery

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
civicrm Not in release Needs evaluation Needs evaluation Needs evaluation Needs evaluation
jquery Not in release Not in release Not affected Not affected Not affected
node-jquery Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-23395

Low priority
Not affected

jQuery Cookie 1.4.1 is affected by prototype pollution, which can lead to DOM cross-site scripting (XSS).

1 affected packages

jquery-goodies

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jquery-goodies Not affected Not affected Not affected Not affected
Show less packages

CVE-2021-41184

Medium priority

Some fixes available 2 of 4

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Not affected
Show less packages

CVE-2021-41183

Medium priority

Some fixes available 4 of 7

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed
Show less packages

CVE-2021-41182

Medium priority

Some fixes available 4 of 7

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in...

1 affected packages

jqueryui

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jqueryui Not affected Fixed Fixed Fixed
Show less packages

CVE-2020-7656

Low priority
Ignored

jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the...

1 affected packages

jquery

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
jquery Not affected Not affected Ignored
Show less packages

CVE-2020-11022

Low priority
Needs evaluation

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may...

2 affected packages

drupal7, jquery

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
drupal7 Not in release Not in release Not in release Not in release Needs evaluation
jquery Not in release Not in release Needs evaluation Needs evaluation Needs evaluation
Show less packages