Snorlyd

7 exploits Active since Jul 2018
CVE-2020-11023 NOMISEC MEDIUM WRITEUP
jQuery <3.5.0 - XSS
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
1 stars
CVSS 6.9
CVE-2020-11022 NOMISEC MEDIUM WRITEUP
jQuery 1.12.0-3.4.1 - Cross-Site Scripting via DOM Manipulation Methods
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
1 stars
CVSS 6.9
CVE-2018-14040 NOMISEC MEDIUM WRITEUP
Bootstrap <4.1.2 - XSS
In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.
1 stars
CVSS 6.1
CVE-2019-11358 NOMISEC MEDIUM WRITEUP
jQuery < 3.4.0 - Prototype Pollution via jQuery.extend
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
CVSS 6.1
CVE-2019-8331 NOMISEC MEDIUM WRITEUP
Bootstrap < 3.4.1 and 4.3.x < 4.3.1 - Cross-Site Scripting via Tooltip or Popover Data-Template Attribute
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
CVSS 6.1
CVE-2018-14042 NOMISEC MEDIUM WRITEUP
Bootstrap < 4.1.2 - Cross-Site Scripting via Tooltip Data-Container Property
In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.
CVSS 6.1
CVE-2018-14041 NOMISEC MEDIUM WRITEUP
Bootstrap 4.0.0-4.1.1 - Cross-Site Scripting via Scrollspy Data-Target Property
In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.
CVSS 6.1