CVE-2020-17530
- EPSS 94.36%
- Veröffentlicht 11.12.2020 02:15:10
- Zuletzt bearbeitet 03.04.2025 16:07:29
Forced OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution. Affected software : Apache Struts 2.0.0 - Struts 2.5.25.
CVE-2019-0230
- EPSS 93.84%
- Veröffentlicht 14.09.2020 17:15:09
- Zuletzt bearbeitet 21.11.2024 04:16:32
Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
CVE-2019-0233
- EPSS 7.78%
- Veröffentlicht 14.09.2020 17:15:09
- Zuletzt bearbeitet 21.11.2024 04:16:33
An access permission override in Apache Struts 2.0.0 to 2.5.20 may cause a Denial of Service when performing a file upload.
CVE-2020-11022
- EPSS 22.55%
- Veröffentlicht 29.04.2020 22:15:11
- Zuletzt bearbeitet 21.11.2024 04:56:36
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This prob...
CVE-2019-11358
- EPSS 2.4%
- Veröffentlicht 20.04.2019 00:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:56
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the n...
CVE-2015-9251
- EPSS 9.84%
- Veröffentlicht 18.01.2018 23:29:00
- Zuletzt bearbeitet 21.11.2024 02:40:09
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.