halkichi0308

2 exploits Active since Jan 2018

CVE-2015-9251 NOMISEC MEDIUM STUB

jQuery < 3.0.0 - Cross-Site Scripting via Cross-Domain Ajax Request

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

9 stars

CVSS 6.1

View Code

CVE-2021-22880 NOMISEC HIGH SUSPICIOUS

Active Record <6.1.2.1, 6.0.3.5, 5.2.4.5 - DoS

The PostgreSQL adapter in Active Record before 6.1.2.1, 6.0.3.5, 5.2.4.5 suffers from a regular expression denial of service (REDoS) vulnerability. Carefully crafted input can cause the input validation in the `money` type of the PostgreSQL adapter in Active Record to spend too much time in a regular expression, resulting in the potential for a DoS attack. This only impacts Rails applications that are using PostgreSQL along with money type columns that take user input.

1 stars

CVSS 7.5

View Code