CVE-2020-17530
- EPSS 94.37%
- Veröffentlicht 11.12.2020 02:15:10
- Zuletzt bearbeitet 27.10.2025 17:37:20
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVE-2019-0230
- EPSS 93.85%
- Veröffentlicht 14.09.2020 17:15:09
- Zuletzt bearbeitet 21.11.2024 04:16:32
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
CVE-2019-0233
- EPSS 7.78%
- Veröffentlicht 14.09.2020 17:15:09
- Zuletzt bearbeitet 21.11.2024 04:16:33
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
CVE-2020-11022
- EPSS 2.39%
- Veröffentlicht 29.04.2020 22:15:11
- Zuletzt bearbeitet 13.04.2026 15:16:29
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in...
CVE-2019-11358
- EPSS 2.36%
- Veröffentlicht 20.04.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
CVE-2015-9251
- EPSS 25.59%
- Veröffentlicht 18.01.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 02:40:09
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.