Max CVSS: 6.8 | Min CVSS: 4.0 | Total Count: 2
ID | CVSS | Summary | Last (major) update | Published
CVE-2019-11358 4.3
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n
16-02-2024 - 16:32 20-04-2019 - 00:29
CVE-2020-11022 4.3
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
31-08-2023 - 03:15 29-04-2020 - 22:15
CVE-2020-1722 5.4
A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unr
12-02-2023 - 23:40 27-04-2020 - 21:15
CVE-2019-8331 4.3
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
16-05-2022 - 19:52 20-02-2019 - 16:29
CVE-2018-20676 4.3
In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.
22-07-2021 - 18:15 09-01-2019 - 05:29
CVE-2018-20677 4.3
In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.
22-07-2021 - 18:15 09-01-2019 - 05:29
CVE-2018-14042 4.3
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
22-07-2021 - 18:15 13-07-2018 - 14:29
CVE-2018-14040 4.3
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
22-07-2021 - 18:15 13-07-2018 - 14:29
CVE-2016-10735 4.3
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
22-07-2021 - 18:15 09-01-2019 - 05:29
CVE-2015-9251 4.3
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
08-01-2021 - 12:15 18-01-2018 - 23:29
CVE-2020-11022 4.3
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob
25-09-2020 - 20:15 29-04-2020 - 22:15
CVE-2019-14867 6.8
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data.
05-02-2020 - 00:15 27-11-2019 - 09:15
CVE-2019-10195 4.0
A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on Fre
05-02-2020 - 00:15 27-11-2019 - 08:15