CPANSA-UR-2014-6071-jquery: UR vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2018-01-16T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2018-01-16T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 6.1 | Severity | Medium |
Original language | Language | en | |
Also referred to |
Vulnerability Description
jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
Vulnerabilities
CVE-2014-6071
Vulnerability DescriptionjQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after.
Weakness | CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
---|
Product status
Known affected
Product | Score | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
UR greater than or equal 0.42_01 and less than or equal 0.47 |
|
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-UR-2014-6071-jquery JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2018/cpansa-ur-2014-6071-jquery.json - https://bugzilla.redhat.com/show_bug.cgi?id=1136683 external
https://bugzilla.redhat.com/show_bug.cgi?id=1136683 - http://seclists.org/fulldisclosure/2014/Sep/10 external
http://seclists.org/fulldisclosure/2014/Sep/10 - https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 external
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 - CVE-2014-6071 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2014-6071
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Tue Jan 16 00:00:00 2018 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/