Jquery-rails

This hub aggregates every CVE we track for Jquery-rails, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 9 most recently published vulnerabilities affecting Jquery-rails.

• CVE-2020-7656jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script...6.1May 19, 2020
• CVE-2020-11022jQuery has a potential XSS vulnerability6.9Apr 29, 2020
• CVE-2020-11023Potential XSS vulnerability in jQueryKEV6.9Apr 29, 2020
• CVE-2019-11358jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an...6.1Apr 19, 2019
• CVE-2016-10707jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an...7.5Jan 18, 2018
• CVE-2015-9251jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.6.1Jan 18, 2018
• CVE-2012-6708jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQue...6.1Jan 18, 2018
• CVE-2015-1840jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.0.4, as used with Ruby on Rails 3.x and 4.x, allow remote attackers to bypass the Same Origin Pol...5.0Jul 26, 2015
• CVE-2011-4969Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.4.3Mar 8, 2013