Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1
CVE-2019-11358
- EPSS 2.4%
- Published 20.04.2019 00:29:00
- Last modified 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
6.1
CVE-2015-9251
- EPSS 9.84%
- Published 18.01.2018 23:29:00
- Last modified 21.11.2024 02:40:09
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.