|
1
|
"Project","ScanDate","DependencyName","DependencyPath","Description","License","Md5","Sha1","Identifiers","CPE","CVE","CWE","Vulnerability","Source","CVSSv2_Severity","CVSSv2_Score","CVSSv2","CVSSv3_BaseSeverity","CVSSv3_BaseScore","CVSSv3","CPE Confidence","Evidence Count","VendorProject","Product","Name","DateAdded","ShortDescription","RequiredAction","DueDate","Notes"
|
|
2
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.js,"","",fb81549ee2896513a1ed5714b1b1a0f0,3b965a36a6b08854ad6eddedf85c5319fd392b4a,pkg:javascript/bootstrap@3.3.7,"",CVE-2016-10735,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
3
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.js,"","",fb81549ee2896513a1ed5714b1b1a0f0,3b965a36a6b08854ad6eddedf85c5319fd392b4a,pkg:javascript/bootstrap@3.3.7,"",CVE-2018-14041,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
4
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.js,"","",fb81549ee2896513a1ed5714b1b1a0f0,3b965a36a6b08854ad6eddedf85c5319fd392b4a,pkg:javascript/bootstrap@3.3.7,"",CVE-2018-14042,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
5
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.js,"","",fb81549ee2896513a1ed5714b1b1a0f0,3b965a36a6b08854ad6eddedf85c5319fd392b4a,pkg:javascript/bootstrap@3.3.7,"",CVE-2018-20676,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
6
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.js,"","",fb81549ee2896513a1ed5714b1b1a0f0,3b965a36a6b08854ad6eddedf85c5319fd392b4a,pkg:javascript/bootstrap@3.3.7,"",CVE-2018-20677,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
7
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.js,"","",fb81549ee2896513a1ed5714b1b1a0f0,3b965a36a6b08854ad6eddedf85c5319fd392b4a,pkg:javascript/bootstrap@3.3.7,"",CVE-2019-8331,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
8
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.js,"","",fb81549ee2896513a1ed5714b1b1a0f0,3b965a36a6b08854ad6eddedf85c5319fd392b4a,pkg:javascript/bootstrap@3.3.7,"",Bootstrap before 4.0.0 is end-of-life and no longer maintained.,"",Bootstrap before 4.0.0 is end-of-life and no longer maintained.,RETIREJS,"","","","","","",HIGHEST,3,"","","","","","","",""
|
|
9
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.min.js,"","",5869c96cc8f19086aee625d670d741f9,430a443d74830fe9be26efca431f448c1b3740f9,pkg:javascript/bootstrap@3.3.7,"",CVE-2016-10735,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
10
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.min.js,"","",5869c96cc8f19086aee625d670d741f9,430a443d74830fe9be26efca431f448c1b3740f9,pkg:javascript/bootstrap@3.3.7,"",CVE-2018-14041,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
11
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.min.js,"","",5869c96cc8f19086aee625d670d741f9,430a443d74830fe9be26efca431f448c1b3740f9,pkg:javascript/bootstrap@3.3.7,"",CVE-2018-14042,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
12
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.min.js,"","",5869c96cc8f19086aee625d670d741f9,430a443d74830fe9be26efca431f448c1b3740f9,pkg:javascript/bootstrap@3.3.7,"",CVE-2018-20676,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
13
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.min.js,"","",5869c96cc8f19086aee625d670d741f9,430a443d74830fe9be26efca431f448c1b3740f9,pkg:javascript/bootstrap@3.3.7,"",CVE-2018-20677,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
14
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.min.js,"","",5869c96cc8f19086aee625d670d741f9,430a443d74830fe9be26efca431f448c1b3740f9,pkg:javascript/bootstrap@3.3.7,"",CVE-2019-8331,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
15
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",bootstrap-3.3.7-dist.zip: bootstrap.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/bootstrap/bootstrap/3.3.7/dcc4877a5d21de31f6947f477b90a3c57cab5db5/bootstrap-3.3.7-dist.zip/bootstrap-3.3.7-dist/js/bootstrap.min.js,"","",5869c96cc8f19086aee625d670d741f9,430a443d74830fe9be26efca431f448c1b3740f9,pkg:javascript/bootstrap@3.3.7,"",Bootstrap before 4.0.0 is end-of-life and no longer maintained.,"",Bootstrap before 4.0.0 is end-of-life and no longer maintained.,RETIREJS,"","","","","","",HIGHEST,3,"","","","","","","",""
|
|
16
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",codegen-2.2.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.eclipse.emf/codegen/2.2.3/c59069bb7a2a2796bd41e3040376d6e5dcaaa7c2/codegen-2.2.3.jar,"","",a07d220313cf4abf61aea31ee9fb4cd1,c59069bb7a2a2796bd41e3040376d6e5dcaaa7c2,pkg:maven/org.eclipse.emf/codegen@2.2.3,cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*,CVE-2023-4218,CWE-611 Improper Restriction of XML External Entity Reference,In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).,NVD,"","","",MEDIUM,5.0,CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A,HIGHEST,31,"","","","","","","",""
|
|
17
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",codegen-ecore-2.2.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.eclipse.emf/codegen-ecore/2.2.3/6dc715f89dff752e054410a29382b671f130cd82/codegen-ecore-2.2.3.jar,"","",0b797ef45f54aed0cbc3f7c9ff5e5a06,6dc715f89dff752e054410a29382b671f130cd82,pkg:maven/org.eclipse.emf/codegen-ecore@2.2.3,cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*,CVE-2023-4218,CWE-611 Improper Restriction of XML External Entity Reference,In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).,NVD,"","","",MEDIUM,5.0,CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A,HIGHEST,36,"","","","","","","",""
|
|
18
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",common-2.2.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.eclipse.emf/common/2.2.3/8f86fa5cceebc68d6f8b6c212fbf5ab7b8dcfbd2/common-2.2.3.jar,"","",7e4d452aa2e9f754af2ac04656cd7e0d,8f86fa5cceebc68d6f8b6c212fbf5ab7b8dcfbd2,pkg:maven/org.eclipse.emf/common@2.2.3,cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*,CVE-2023-4218,CWE-611 Improper Restriction of XML External Entity Reference,In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).,NVD,"","","",MEDIUM,5.0,CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A,HIGHEST,31,"","","","","","","",""
|
|
19
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",commons-httpclient-3.1.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/commons-httpclient/commons-httpclient/3.1/964cd74171f427720480efdec40a7c7f6e58426a/commons-httpclient-3.1.jar,"","",8ad8c9229ef2d59ab9f59f7050e846a5,964cd74171f427720480efdec40a7c7f6e58426a,pkg:maven/commons-httpclient/commons-httpclient@3.1,"cpe:2.3:a:apache:commons-httpclient:3.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*",CVE-2012-5783,CWE-295 Improper Certificate Validation,"Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments Service (FPS) merchant Java SDK and other products, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.",NVD,MEDIUM,5.8,/AV:N/AC:M/Au:N/C:P/I:P/A:N,"","","",HIGHEST,22,"","","","","","","",""
|
|
20
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",commons-httpclient-3.1.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/commons-httpclient/commons-httpclient/3.1/964cd74171f427720480efdec40a7c7f6e58426a/commons-httpclient-3.1.jar,"","",8ad8c9229ef2d59ab9f59f7050e846a5,964cd74171f427720480efdec40a7c7f6e58426a,pkg:maven/commons-httpclient/commons-httpclient@3.1,"cpe:2.3:a:apache:commons-httpclient:3.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:httpclient:3.1:*:*:*:*:*:*:*",CVE-2020-13956,NVD-CWE-noinfo,Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.,NVD,MEDIUM,5.0,/AV:N/AC:L/Au:N/C:N/I:P/A:N,MEDIUM,5.3,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:3.9/RC:R/MAV:A,HIGHEST,22,"","","","","","","",""
|
|
21
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",dom4j-1.6.1.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/dom4j/dom4j/1.6.1/5d3ccc056b6f056dbf0dddfdf43894b9065a8f94/dom4j-1.6.1.jar,"","",4d8f51d3fe3900efc6e395be48030d6d,5d3ccc056b6f056dbf0dddfdf43894b9065a8f94,pkg:maven/dom4j/dom4j@1.6.1,cpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:*,CVE-2020-10683,CWE-611 Improper Restriction of XML External Entity Reference,"dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.",NVD,HIGH,7.5,/AV:N/AC:L/Au:N/C:P/I:P/A:P,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGHEST,16,"","","","","","","",""
|
|
22
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",dom4j-1.6.1.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/dom4j/dom4j/1.6.1/5d3ccc056b6f056dbf0dddfdf43894b9065a8f94/dom4j-1.6.1.jar,"","",4d8f51d3fe3900efc6e395be48030d6d,5d3ccc056b6f056dbf0dddfdf43894b9065a8f94,pkg:maven/dom4j/dom4j@1.6.1,cpe:2.3:a:dom4j_project:dom4j:1.6.1:*:*:*:*:*:*:*,CVE-2018-1000632,CWE-91 XML Injection (aka Blind XPath Injection),"dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.",OSSINDEX,"","","",HIGH,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N,HIGHEST,16,"","","","","","","",""
|
|
23
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",ecore-2.2.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.eclipse.emf/ecore/2.2.3/754ea89fe0cd6342e5698be088974c40380d2a9a/ecore-2.2.3.jar,"","",cac28d9ea8648188967ce1e4e2fdc6fa,754ea89fe0cd6342e5698be088974c40380d2a9a,pkg:maven/org.eclipse.emf/ecore@2.2.3,cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*,CVE-2023-4218,CWE-611 Improper Restriction of XML External Entity Reference,In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).,NVD,"","","",MEDIUM,5.0,CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A,HIGHEST,33,"","","","","","","",""
|
|
24
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",ecore-change-2.2.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.eclipse.emf/ecore-change/2.2.3/5395da9d4e2c207b47e2b2836aa14c787e4a58da/ecore-change-2.2.3.jar,"","",1f27e56f6a9b43fdf88065b88ac45602,5395da9d4e2c207b47e2b2836aa14c787e4a58da,pkg:maven/org.eclipse.emf/ecore-change@2.2.3,cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*,CVE-2023-4218,CWE-611 Improper Restriction of XML External Entity Reference,In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).,NVD,"","","",MEDIUM,5.0,CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A,HIGHEST,35,"","","","","","","",""
|
|
25
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",ecore-xmi-2.2.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.eclipse.emf/ecore-xmi/2.2.3/96a769f71f4c376968eca149f380836a3b584697/ecore-xmi-2.2.3.jar,"","",3ad815f09477ef985b7170a146e3fa09,96a769f71f4c376968eca149f380836a3b584697,pkg:maven/org.eclipse.emf/ecore-xmi@2.2.3,cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*,CVE-2023-4218,CWE-611 Improper Restriction of XML External Entity Reference,In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).,NVD,"","","",MEDIUM,5.0,CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A,HIGHEST,35,"","","","","","","",""
|
|
26
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",fwd-h2-1.40-trunk.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/com.goldencode/fwd-h2/1.40-trunk/854bc51b203f06a95203d1f65b3ed19cb4b0060e/fwd-h2-1.40-trunk.jar,"",https://h2database.com/html/license.html,cb9ebcbf36be553fc967fa98c047ae7b,854bc51b203f06a95203d1f65b3ed19cb4b0060e,pkg:maven/com.goldencode/fwd-h2@1.40-trunk,cpe:2.3:a:h2database:h2:1.40:*:*:*:*:*:*:*,CVE-2021-42392,CWE-502 Deserialization of Untrusted Data,"The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console which leads to unauthenticated remote code execution.",NVD,HIGH,10.0,/AV:N/AC:L/Au:N/C:C/I:C/A:C,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGHEST,34,"","","","","","","",""
|
|
27
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",fwd-h2-1.40-trunk.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/com.goldencode/fwd-h2/1.40-trunk/854bc51b203f06a95203d1f65b3ed19cb4b0060e/fwd-h2-1.40-trunk.jar,"",https://h2database.com/html/license.html,cb9ebcbf36be553fc967fa98c047ae7b,854bc51b203f06a95203d1f65b3ed19cb4b0060e,pkg:maven/com.goldencode/fwd-h2@1.40-trunk,cpe:2.3:a:h2database:h2:1.40:*:*:*:*:*:*:*,CVE-2022-23221,CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'),"H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.",NVD,HIGH,10.0,/AV:N/AC:L/Au:N/C:C/I:C/A:C,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGHEST,34,"","","","","","","",""
|
|
28
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",fwd-h2-1.40-trunk.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/com.goldencode/fwd-h2/1.40-trunk/854bc51b203f06a95203d1f65b3ed19cb4b0060e/fwd-h2-1.40-trunk.jar,"",https://h2database.com/html/license.html,cb9ebcbf36be553fc967fa98c047ae7b,854bc51b203f06a95203d1f65b3ed19cb4b0060e,pkg:maven/com.goldencode/fwd-h2@1.40-trunk,cpe:2.3:a:h2database:h2:1.40:*:*:*:*:*:*:*,CVE-2021-23463,CWE-611 Improper Restriction of XML External Entity Reference,"The package com.h2database:h2 from 1.4.198 and before 2.0.202 are vulnerable to XML External Entity (XXE) Injection via the org.h2.jdbc.JdbcSQLXML class object, when it receives parsed string data from org.h2.jdbc.JdbcResultSet.getSQLXML() method. If it executes the getSource() method when the parameter is DOMSource.class it will trigger the vulnerability.",NVD,MEDIUM,6.4,/AV:N/AC:L/Au:N/C:P/I:N/A:P,CRITICAL,9.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:3.9/RC:R/MAV:A,HIGHEST,34,"","","","","","","",""
|
|
29
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",fwd-h2-1.40-trunk.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/com.goldencode/fwd-h2/1.40-trunk/854bc51b203f06a95203d1f65b3ed19cb4b0060e/fwd-h2-1.40-trunk.jar,"",https://h2database.com/html/license.html,cb9ebcbf36be553fc967fa98c047ae7b,854bc51b203f06a95203d1f65b3ed19cb4b0060e,pkg:maven/com.goldencode/fwd-h2@1.40-trunk,cpe:2.3:a:h2database:h2:1.40:*:*:*:*:*:*:*,CVE-2022-45868,CWE-312 Cleartext Storage of Sensitive Information,"The web-based admin console in H2 Database Engine through 2.1.214 can be started via the CLI with the argument -webAdminPassword, which allows the user to specify the password in cleartext for the web admin console. Consequently, a local user (or an attacker that has obtained local access through some means) would be able to discover the password by listing processes and their arguments. NOTE: the vendor states ""This is not a vulnerability of H2 Console ... Passwords should never be passed on the command line and every qualified DBA or system administrator is expected to know that.""",NVD,"","","",HIGH,7.8,CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:1.8/RC:R/MAV:A,HIGHEST,34,"","","","","","","",""
|
|
30
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",fwd-imageio-bmp-3.1.2.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/com.twelvemonkeys.imageio/fwd-imageio-bmp/3.1.2/244658d99da7b62312602e2fa757aa3ee4aaf193/fwd-imageio-bmp-3.1.2.jar,ImageIO plugin for Microsoft Device Independent Bitmap (BMP/DIB) format.,"",17f59931512991d102ffdd2b7c63108b,244658d99da7b62312602e2fa757aa3ee4aaf193,pkg:maven/com.twelvemonkeys.imageio/fwd-imageio-bmp@3.1.2,cpe:2.3:a:twelvemonkeys_project:twelvemonkeys:3.1.2:*:*:*:*:*:*:*,CVE-2021-23792,CWE-611 Improper Restriction of XML External Entity Reference,"The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered.",NVD,HIGH,7.5,/AV:N/AC:L/Au:N/C:P/I:P/A:P,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,27,"","","","","","","",""
|
|
31
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gremlin-shaded-3.7.0.jar (shaded: com.fasterxml.jackson.core:jackson-databind:2.15.2),/home/tjd/.gradle/caches/modules-2/files-2.1/org.apache.tinkerpop/gremlin-shaded/3.7.0/bd140102a3a474b54a35c24bc400be58cd42bc63/gremlin-shaded-3.7.0.jar/META-INF/maven/com.fasterxml.jackson.core/jackson-databind/pom.xml,General data-binding functionality for Jackson: works on core streaming API,"The Apache Software License, Version 2.0: https://www.apache.org/licenses/LICENSE-2.0.txt",07fbb2e4e4728d273e8680e1a08b6b02,aa7009c05985af917eed65e44e7b9c1020c8bf6f,pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.15.2,"cpe:2.3:a:fasterxml:jackson-databind:2.15.2:*:*:*:*:*:*:*, cpe:2.3:a:fasterxml:jackson-modules-java8:2.15.2:*:*:*:*:*:*:*",CVE-2023-35116,CWE-770 Allocation of Resources Without Limits or Throttling,"jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.",NVD,"","","",MEDIUM,4.7,CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:1.0/RC:R/MAV:A,HIGH,15,"","","","","","","",""
|
|
32
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-1.0.1.jar: bootstrap-3.4.1.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3/1.0.1/2b7630d3a1da59c54dbc493ca240f2ae5f0542de/gwtbootstrap3-1.0.1.jar/org/gwtbootstrap3/client/resource/js/bootstrap-3.4.1.min.cache.js,"","",2f34b630ffe30ba2ff2b91e3f3c322a1,b16fd8226bd6bfb08e568f1b1d0a21d60247cefb,pkg:javascript/bootstrap@3.4.1.min.cache,"",Bootstrap before 4.0.0 is end-of-life and no longer maintained.,"",Bootstrap before 4.0.0 is end-of-life and no longer maintained.,RETIREJS,"","","","","","",HIGHEST,3,"","","","","","","",""
|
|
33
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-1.0.1.jar: jquery-1.12.4.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3/1.0.1/2b7630d3a1da59c54dbc493ca240f2ae5f0542de/gwtbootstrap3-1.0.1.jar/org/gwtbootstrap3/client/resource/js/jquery-1.12.4.min.cache.js,"","",4f252523d4af0b478c810c2547a63e19,5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb,pkg:javascript/jquery@1.12.4.min.cache,"",CVE-2015-9251,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
34
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-1.0.1.jar: jquery-1.12.4.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3/1.0.1/2b7630d3a1da59c54dbc493ca240f2ae5f0542de/gwtbootstrap3-1.0.1.jar/org/gwtbootstrap3/client/resource/js/jquery-1.12.4.min.cache.js,"","",4f252523d4af0b478c810c2547a63e19,5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb,pkg:javascript/jquery@1.12.4.min.cache,"",CVE-2019-11358,CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'),"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
35
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-1.0.1.jar: jquery-1.12.4.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3/1.0.1/2b7630d3a1da59c54dbc493ca240f2ae5f0542de/gwtbootstrap3-1.0.1.jar/org/gwtbootstrap3/client/resource/js/jquery-1.12.4.min.cache.js,"","",4f252523d4af0b478c810c2547a63e19,5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb,pkg:javascript/jquery@1.12.4.min.cache,"",CVE-2020-11022,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
36
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-1.0.1.jar: jquery-1.12.4.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3/1.0.1/2b7630d3a1da59c54dbc493ca240f2ae5f0542de/gwtbootstrap3-1.0.1.jar/org/gwtbootstrap3/client/resource/js/jquery-1.12.4.min.cache.js,"","",4f252523d4af0b478c810c2547a63e19,5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb,pkg:javascript/jquery@1.12.4.min.cache,"",CVE-2020-11023,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
37
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-1.0.1.jar: jquery-1.12.4.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3/1.0.1/2b7630d3a1da59c54dbc493ca240f2ae5f0542de/gwtbootstrap3-1.0.1.jar/org/gwtbootstrap3/client/resource/js/jquery-1.12.4.min.cache.js,"","",4f252523d4af0b478c810c2547a63e19,5a9dcfbef655a2668e78baebeaa8dc6f41d8dabb,pkg:javascript/jquery@1.12.4.min.cache,"",jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates,"",jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates,RETIREJS,"","","","","","",HIGHEST,3,"","","","","","","",""
|
|
38
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: bootstrap-select-1.12.4.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/bootstrap-select-1.12.4.min.cache.js,"","",08c22600590b700e7d2a6b417c958c19,2bcecfc314286c88c409447c4f12073ca82a0390,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
39
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ar_AR.js,"","",3c51860bb466e2cb8afb1c8dad1e200b,cb1469ccd72c2a318d8094923b6febbcab29c63d,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
40
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ar_AR.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ar_AR.min.js,"","",398b067166da98645b3242fa764af9e1,785544bc1d002dc063b4c8ee186bb96f4a3e1abc,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
41
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-bg_BG.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-bg_BG.js,"","",cf1f3bd70e59dbf7e33fb70d9a7218fa,58a455fbe5ea397730dbaa3c2de5a13da1e56120,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
42
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-bg_BG.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-bg_BG.min.js,"","",39df281b5b68b9456ebf269207a220e4,88beb73c32a7d1dfafc631ebec111de955f60981,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
43
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-cro_CRO.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-cro_CRO.js,"","",6b369ef037cffd28eda8e7a604f16137,a4df1f217ecacaf608022c58ed48788b44ced8b4,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
44
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-cro_CRO.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-cro_CRO.min.js,"","",ec2aee5290ad89590fa76426cf6393c6,75f91e67664ecdc71d583eb8abce4ae5fe0a78f8,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
45
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-cs_CZ.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-cs_CZ.js,"","",28542b813576f07cc9d8855afbb51ffe,48a7532fb81fe7ced4ca3394444c75ac0cbdc6e6,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
46
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-cs_CZ.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-cs_CZ.min.js,"","",9e54965b8b22b2b54b2c133510096a08,9cd702b44cec876fde9ade60fb43bd6adbed9555,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
47
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-da_DK.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-da_DK.js,"","",a3b0d7008130f2a83116d92060c7f7b5,ef2a7e94483f84058ab9882a91145e400bf74a31,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
48
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-da_DK.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-da_DK.min.js,"","",9b4eb76a144c4c04a4a15e1d82d64440,93404a3e85479fb5cc1d9f448fbc8c4941931f4b,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
49
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-de_DE.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-de_DE.js,"","",546144d7ebc3c762fed6ae3d55e15408,3cfc1506c4dfd4de7e21f11b55679610c68488ae,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
50
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-de_DE.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-de_DE.min.js,"","",94bfc330588cfd3ac1f187f04854f7a1,e9c64a3e792d5053d26c6dad0eaa665d03faabc3,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
51
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-en_US.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-en_US.js,"","",62a78bdbe29e3134dc34da2dbc99dbbd,1de178a31277c91d32f4cf2113c2f11c650715ee,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
52
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-en_US.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-en_US.min.js,"","",e0df95b5d67df3ee8b4c77c67d58e9c2,501ba2e1c21bd6d62310ffeb9baa9bf65dc7c289,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
53
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-es_CL.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-es_CL.js,"","",3113995f4c481a86de7a3d118e2c14cd,ada6303bd8daace0572c5e894f0033efaef73845,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
54
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-es_CL.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-es_CL.min.js,"","",80a72f225fd3e61d4d1616d19958fe0c,421ab5215705aa2f3ab49daf2a8413415145e8de,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
55
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-et_EE.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-et_EE.js,"","",1784dc99d4d8023c840ae9b53c707070,3263dd669d079b05e0968c003873164feef521b1,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
56
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-et_EE.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-et_EE.min.js,"","",5636bbcf32a4e438e63be87aae474dac,d089d336f0dd3215bc9e59119b11b516cd3a40a4,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
57
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-eu.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-eu.js,"","",c326823ad0ab440e57fcf43df42f9c8b,6962625b8395900b85aa39d4732bd2f9afda6a84,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
58
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-eu.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-eu.min.js,"","",281a1634da1ea8fa83714df69eadc4a4,bc530346d9048f6389d62dbadaa7c6594798a83d,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
59
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-fa_IR.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-fa_IR.js,"","",1f4920666ef7cf3c514960a3f1a7bf88,097b32457fe7fe57451aeef3369723198eb9208f,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
60
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-fa_IR.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-fa_IR.min.js,"","",4078f4bf984a7864d82896ba4685c00b,9686f8b3b8fb30fa3429563b0878509e2f79f512,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
61
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-fi_FI.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-fi_FI.js,"","",0fe818d3f15d3905c3f90fdedf88f4ec,bc97496ef7918d0a60b621d646bdd00cb4151f23,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
62
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-fi_FI.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-fi_FI.min.js,"","",2bea105e5d8fd3d04225480cc5474d7e,cca37aa5e6b687c5cd4b80bc0a411c8a52cc50e9,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
63
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-fr_FR.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-fr_FR.js,"","",c9961027b70d117d53e4389cbe58da22,ef92d288b2d4c907663c9953bcf728cd724984bf,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
64
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-fr_FR.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-fr_FR.min.js,"","",d9ae85a431b399991ce04f7813b02c67,3cc4b7af6fd806389b7aa96fa8e0e912435ed1f2,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
65
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-hu_HU.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-hu_HU.js,"","",5cb5709d23d67f8e8d3f5230df0f91d8,8adeda05140b530b16b5d9ebff502768c2b913cd,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
66
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-hu_HU.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-hu_HU.min.js,"","",6139e789f3105668ec6b7c83c64ebf5e,e783c97da89422470ae18362e37525ab7e1de31c,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
67
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-id_ID.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-id_ID.js,"","",0cb7ca3363d84f32742aca9f986f9618,c680af174034aea76480f7a338922f792a5969c5,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
68
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-id_ID.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-id_ID.min.js,"","",6945d8f5ea8bc281104735c76354203f,f44d1636a4d83fc9eb0e5be398699265c039d5eb,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
69
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-it_IT.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-it_IT.js,"","",0a57f29664ba4b44507254b473eb4ce7,67eb20a489b77d4deca042cf55dac91dded1d03b,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
70
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-it_IT.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-it_IT.min.js,"","",58d92783c046aac86d85035c562bb1b1,1fedd8cc587b20bc3d1acfabe1d4153507463564,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
71
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ja_JP.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ja_JP.js,"","",76beaa8deea56f6ff3f662f340708912,fc0b7fd3ac9b71ca69c6fac0826bd0dc38d49dd6,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
72
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ja_JP.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ja_JP.min.js,"","",7bcce02c9630f5382397b18bd538bbd0,d49a0be96f8ce0260e13cdbfaa34c2977757e50c,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
73
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-kh_KM.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-kh_KM.js,"","",e9a1cc890983484023c4d4ccf866c2e5,70fa52ed64f33257ddb88d8802eb1a6aaa5c32f5,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
74
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-kh_KM.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-kh_KM.min.js,"","",308b334c87cc94c04ad6c1c1dea1e5bd,0eab19aff01aef1800b0fcaf39f2fcc6f7748929,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
75
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ko_KR.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ko_KR.js,"","",8dc85f05b7986edecfaf314b4e97f33e,7da618a633b3a5608489491e6c8bec8b2ca008e4,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
76
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ko_KR.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ko_KR.min.js,"","",7b3da10df610d23fadae3b0f282662f1,46157c7aec4090abf18f65c6cb670e4b83a01e17,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
77
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-lt_LT.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-lt_LT.js,"","",16f487dd50c27c488abccd9abd531686,096cc6ca3101f934fadaf20a126d220d5f2fc22a,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
78
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-lt_LT.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-lt_LT.min.js,"","",00086ef2017597a96b1271186215e33a,94dca3ce803c14b0c96354a2927d16e851bcceec,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
79
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-nb_NO.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-nb_NO.js,"","",8b7125deb0d9dcdbf12a53e5fec0aa3e,208cca3efff707ee4d32be7dc6ab607c46988f74,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
80
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-nb_NO.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-nb_NO.min.js,"","",c86c374eae56a74745ea84fbd57fd292,9c314e6185ad88281de34a768f83af0dbea3bc3c,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
81
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-nl_NL.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-nl_NL.js,"","",bb9815055292f8345d4938e67dc9f5ca,bee14f0f48b28ce206b575aa777f243f2326f307,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
82
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-nl_NL.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-nl_NL.min.js,"","",8aa3d12ed0802caf01e97ea316f43640,38195b1ae0e0e16bbf57efb8bef68c20e81e100f,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
83
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-pl_PL.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-pl_PL.js,"","",b2590122c0dea9bc8811fc6a6b4b60e6,616464e8d51a99063fe4a5298cf98ba59d944736,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
84
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-pl_PL.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-pl_PL.min.js,"","",c64ef580ef9613e7cd2311f700a16276,5314cd848cfee848d22b4745ededeced23e37015,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
85
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-pt_BR.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-pt_BR.js,"","",8374c573759d9c51ffbf4092a1ddb33f,0e0eb777973d58a10e2157566948a53d86ee737b,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
86
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-pt_BR.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-pt_BR.min.js,"","",12153518bc1250f7473eea386121833b,abceecc2c4697f7ac085872ef5448cb7c558e3e3,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
87
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-pt_PT.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-pt_PT.js,"","",6f02dc4ff1a28bf00de37597fa2e1c2e,7fb81b17954615cf0f131eee887e28273d9de176,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
88
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-pt_PT.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-pt_PT.min.js,"","",327479313e7ca8aaf9c75fb7ccc310fc,76a75fefafd40f1875eed7218d2ba4b3469d191b,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
89
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ro_RO.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ro_RO.js,"","",ca9aa2d64c60cfdb2586d224d6938d2f,0ba6b3469566b212b554f73848a6ff130f89aa76,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
90
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ro_RO.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ro_RO.min.js,"","",f52a059924c76ec099f90293fd66c18d,dcb4955a0ebb383a429c1dcf1fb4e5991715d72f,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
91
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ru_RU.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ru_RU.js,"","",be877ab7c05196d89472939534bece69,37cec7ebe9fe80613c57b80d8de6939c68b9e927,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
92
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ru_RU.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ru_RU.min.js,"","",84e8d549ec59b595cc13c629a38ff25e,0b611ae6ba1af9fa371bc9d564e110394380edd1,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
93
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-sk_SK.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-sk_SK.js,"","",d270e559329792a7adf07ded4695341c,f71cbd5e5d10d1c93e16953658a13b172c87b04c,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
94
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-sk_SK.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-sk_SK.min.js,"","",32a6bf87bb6c292d0f529e5ba3020f0c,cc17e161b95c4bf040b5f122c8c1d4a813da5055,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
95
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-sl_SI.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-sl_SI.js,"","",d0713d0db39656aee1c521e9b1e59eba,c2f66fa7591b022d4c4241de7889d3fc7f3e1b87,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
96
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-sl_SI.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-sl_SI.min.js,"","",be961681923c32c5ec5d269e2e8b20e1,951459670e221a7f19bb25fa219bf86665c47dff,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
97
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-sv_SE.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-sv_SE.js,"","",ebb55ac8edb8e1062fbbb9fab41d5fac,e8699948d64ce78c6ed97d8be91ba03fd232bea1,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
98
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-sv_SE.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-sv_SE.min.js,"","",040768bc5cf99c53cb2849aa2181e130,1d8689538cc06e8955ce9f2826c3d92750a9d6ad,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
99
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-tr_TR.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-tr_TR.js,"","",1c228f674e077f31e696345fc972c285,13e99cd79aa57aa8ee2b85c61f8686109b42f16b,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
100
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-tr_TR.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-tr_TR.min.js,"","",dc1094d2db8b3464e07dececd97ed637,8d04d572d4654b07d71f08f11b0b271bd8c054af,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
101
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ua_UA.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ua_UA.js,"","",d7d1a39072ce41b763d831c4bcfb2e4d,985d907070c30cfb3e9193814594dedf3587361f,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
102
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-ua_UA.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-ua_UA.min.js,"","",78608f3ddf6f892851bf5d986bf97ca6,32b09e9a36ac556ba86cdb28edd906339dae0129,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
103
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-vi_VN.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-vi_VN.js,"","",507b837d63263334d8ffe886d9729814,889532bb4505f9a7170490ab66899ec87cfbc673,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
104
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-vi_VN.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-vi_VN.min.js,"","",c02d5fc389117c0f3c74f7337e593e10,586d556012bc2f6da08e643683136131df3055c6,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
105
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-zh_CN.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-zh_CN.js,"","",2149043a1e65c8d70778b33947fe605c,af84167b58987b3f2e28b5490e2c85d956366d75,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
106
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-zh_CN.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-zh_CN.min.js,"","",72bbac199fab183db91f5fa3349e7367,482c8dd54b570cff8cdaa83c82ba318cf5533f5f,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
107
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-zh_TW.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-zh_TW.js,"","",dcbf2039aad0eb977c0e10e019c948f3,2d6d3055b77e945d3c742259a65d576032af592a,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
108
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: defaults-zh_TW.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/select/client/resource/js/i18n.cache.1.12.4/defaults-zh_TW.min.js,"","",1b1620497af1df5c3aa44ee596162bdc,cb5fdcf4b267c6b3bc14c4ad046ab7feb9ffea91,pkg:javascript/bootstrap-select@1.12.4,"",CVE-2019-20921,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.,NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
109
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: jquery-ui-1.11.2.custom.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/fullcalendar/client/resource/js/jquery-ui-1.11.2.custom.min.cache.js,"","",8591e924ab11c7632cc3cb9a7a8e5e77,f9a3d0cb9ba200fb423e33930f5441751ea39721,pkg:javascript/jquery-ui@1.11.2,"",CVE-2021-41182,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
110
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: jquery-ui-1.11.2.custom.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/fullcalendar/client/resource/js/jquery-ui-1.11.2.custom.min.cache.js,"","",8591e924ab11c7632cc3cb9a7a8e5e77,f9a3d0cb9ba200fb423e33930f5441751ea39721,pkg:javascript/jquery-ui@1.11.2,"",CVE-2021-41183,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
111
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: jquery-ui-1.11.2.custom.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/fullcalendar/client/resource/js/jquery-ui-1.11.2.custom.min.cache.js,"","",8591e924ab11c7632cc3cb9a7a8e5e77,f9a3d0cb9ba200fb423e33930f5441751ea39721,pkg:javascript/jquery-ui@1.11.2,"",CVE-2021-41184,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
112
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: jquery-ui-1.11.2.custom.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/fullcalendar/client/resource/js/jquery-ui-1.11.2.custom.min.cache.js,"","",8591e924ab11c7632cc3cb9a7a8e5e77,f9a3d0cb9ba200fb423e33930f5441751ea39721,pkg:javascript/jquery-ui@1.11.2,"",CVE-2022-31160,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( ""refresh"" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.",NVD,"","","",MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
113
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: moment-2.9.0.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/fullcalendar/client/resource/js/moment-2.9.0.min.cache.js,"","",85e5d41eb9c451c16d4e784aec13d948,851e2df2acd5f0bc4ef10fcf2f50c17f7aa09c1f,pkg:javascript/moment.js@2.9.0.min.cache,"",CVE-2017-18214,CWE-400 Uncontrolled Resource Consumption,"The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via a crafted date string, a different vulnerability than CVE-2016-4055.",NVD,MEDIUM,5.0,/AV:N/AC:L/Au:N/C:N/I:N/A:P,HIGH,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
114
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: moment-2.9.0.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/fullcalendar/client/resource/js/moment-2.9.0.min.cache.js,"","",85e5d41eb9c451c16d4e784aec13d948,851e2df2acd5f0bc4ef10fcf2f50c17f7aa09c1f,pkg:javascript/moment.js@2.9.0.min.cache,"",CVE-2022-24785,"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), CWE-27 Path Traversal: 'dir/../../filename'","Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js.",NVD,MEDIUM,5.0,/AV:N/AC:L/Au:N/C:N/I:P/A:N,HIGH,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:3.9/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
115
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: moment-2.9.0.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/fullcalendar/client/resource/js/moment-2.9.0.min.cache.js,"","",85e5d41eb9c451c16d4e784aec13d948,851e2df2acd5f0bc4ef10fcf2f50c17f7aa09c1f,pkg:javascript/moment.js@2.9.0.min.cache,"",CVE-2016-4055,CWE-400 Uncontrolled Resource Consumption,"The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a ""regular expression Denial of Service (ReDoS).""",NVD,HIGH,7.8,/AV:N/AC:L/Au:N/C:N/I:N/A:C,MEDIUM,6.5,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
116
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: moment-2.9.0.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/fullcalendar/client/resource/js/moment-2.9.0.min.cache.js,"","",85e5d41eb9c451c16d4e784aec13d948,851e2df2acd5f0bc4ef10fcf2f50c17f7aa09c1f,pkg:javascript/moment.js@2.9.0.min.cache,"",Regular Expression Denial of Service (ReDoS),"",Regular Expression Denial of Service (ReDoS),RETIREJS,"","","","","","",HIGHEST,3,"","","","","","","",""
|
|
117
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: typeahead.jquery-0.10.5.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/typeahead/client/resource/js/typeahead.jquery-0.10.5.min.cache.js,"","",934056f12af1f4ed4cc162ef3b71c4e8,4b7257b34ed67b67bbfa62b4a204038cf88b1f47,pkg:javascript/jquery@0.10.5.min.cache,"",CVE-2012-6708,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
118
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: typeahead.jquery-0.10.5.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/typeahead/client/resource/js/typeahead.jquery-0.10.5.min.cache.js,"","",934056f12af1f4ed4cc162ef3b71c4e8,4b7257b34ed67b67bbfa62b4a204038cf88b1f47,pkg:javascript/jquery@0.10.5.min.cache,"",CVE-2020-7656,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove ""<script>"" HTML tags that contain a whitespace character, i.e: ""</script >"", which results in the enclosed script logic to be executed.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
119
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: typeahead.jquery-0.10.5.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/typeahead/client/resource/js/typeahead.jquery-0.10.5.min.cache.js,"","",934056f12af1f4ed4cc162ef3b71c4e8,4b7257b34ed67b67bbfa62b4a204038cf88b1f47,pkg:javascript/jquery@0.10.5.min.cache,"",CVE-2011-4969,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,"","","",HIGHEST,3,"","","","","","","",""
|
|
120
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",gwtbootstrap3-extras-1.0.2.jar: typeahead.jquery-0.10.5.min.cache.js,/home/tjd/.gradle/caches/modules-2/files-2.1/org.gwtbootstrap3/gwtbootstrap3-extras/1.0.2/a4d7cac881ff0bf9d741dbd608dcebf812ba2809/gwtbootstrap3-extras-1.0.2.jar/org/gwtbootstrap3/extras/typeahead/client/resource/js/typeahead.jquery-0.10.5.min.cache.js,"","",934056f12af1f4ed4cc162ef3b71c4e8,4b7257b34ed67b67bbfa62b4a204038cf88b1f47,pkg:javascript/jquery@0.10.5.min.cache,"",jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates,"",jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates,RETIREJS,"","","","","","",HIGHEST,3,"","","","","","","",""
|
|
121
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",itext-2.1.7.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/com.lowagie/itext/2.1.7/892bfb3e97074a61123b3b2d7caa2db112750864/itext-2.1.7.jar,"","",7587a618197a065eac4a453d173d4ed6,892bfb3e97074a61123b3b2d7caa2db112750864,pkg:maven/com.lowagie/itext@2.1.7,"",CVE-2017-9096,CWE-611 Improper Restriction of XML External Entity Reference,"The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity (XXE) attacks via a crafted PDF.",OSSINDEX,"","","",HIGH,8.800000190734863,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H,HIGHEST,13,"","","","","","","",""
|
|
122
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",itextpdf-5.5.13.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/com.itextpdf/itextpdf/5.5.13.3/5282897d446c3b736d63ef6e83043eb6f1943b4e/itextpdf-5.5.13.3.jar,A Free Java-PDF library,GNU Affero General Public License v3: http://www.fsf.org/licensing/licenses/agpl-3.0.html,38b19faec03e482dd858f231408a4a50,5282897d446c3b736d63ef6e83043eb6f1943b4e,pkg:maven/com.itextpdf/itextpdf@5.5.13.3,cpe:2.3:a:itextpdf:itext:5.5.13.3:*:*:*:*:*:*:*,CVE-2022-24196,CWE-770 Allocation of Resources Without Limits or Throttling,"iText v7.1.17, up to (exluding)"": 7.1.18 and 7.2.2 was discovered to contain an out-of-memory error via the component readStreamBytesRaw, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:N/A:P,MEDIUM,6.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A,HIGH,40,"","","","","","","",""
|
|
123
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",itextpdf-5.5.13.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/com.itextpdf/itextpdf/5.5.13.3/5282897d446c3b736d63ef6e83043eb6f1943b4e/itextpdf-5.5.13.3.jar,A Free Java-PDF library,GNU Affero General Public License v3: http://www.fsf.org/licensing/licenses/agpl-3.0.html,38b19faec03e482dd858f231408a4a50,5282897d446c3b736d63ef6e83043eb6f1943b4e,pkg:maven/com.itextpdf/itextpdf@5.5.13.3,cpe:2.3:a:itextpdf:itext:5.5.13.3:*:*:*:*:*:*:*,CVE-2022-24197,CWE-787 Out-of-bounds Write,"iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:N/A:P,MEDIUM,6.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:2.8/RC:R/MAV:A,HIGH,40,"","","","","","","",""
|
|
124
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",ivy-2.5.1.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.apache.ivy/ivy/2.5.1/7fac35f24f89776e7b78ec98658d8bc8f22f7e89/ivy-2.5.1.jar,"","",e2b8480e296278e41b68020a444c6ae1,7fac35f24f89776e7b78ec98658d8bc8f22f7e89,pkg:maven/org.apache.ivy/ivy@2.5.1,"cpe:2.3:a:apache:ant:2.5.1:*:*:*:*:*:*:*, cpe:2.3:a:apache:ivy:2.5.1:*:*:*:*:*:*:*",CVE-2022-46751,"CWE-611 Improper Restriction of XML External Entity Reference, CWE-91 XML Injection (aka Blind XPath Injection)","Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2. When Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used. This can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways. Starting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed. Users of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about ""JAXP Properties for External Access restrictions"" inside Oracle's ""Java API for XML Processing (JAXP) Security Guide"".",NVD,"","","",HIGH,8.2,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L/E:3.9/RC:R/MAV:A,HIGHEST,31,"","","","","","","",""
|
|
125
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-3.2.1.zip: jquery-3.2.1.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery/3.2.1/fbd1cc0ac4fa2399d58c570c29c5eb15d310c0e8/jquery-3.2.1.zip/jquery-3.2.1/jquery-3.2.1.js,"","",09dd64a64ba840c31a812a3ca25eaeee,fd81582bf1b15e6747472df880ca822c362a97d1,pkg:javascript/jquery@3.2.1,"",CVE-2019-11358,CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'),"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
126
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-3.2.1.zip: jquery-3.2.1.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery/3.2.1/fbd1cc0ac4fa2399d58c570c29c5eb15d310c0e8/jquery-3.2.1.zip/jquery-3.2.1/jquery-3.2.1.js,"","",09dd64a64ba840c31a812a3ca25eaeee,fd81582bf1b15e6747472df880ca822c362a97d1,pkg:javascript/jquery@3.2.1,"",CVE-2020-11022,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
127
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-3.2.1.zip: jquery-3.2.1.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery/3.2.1/fbd1cc0ac4fa2399d58c570c29c5eb15d310c0e8/jquery-3.2.1.zip/jquery-3.2.1/jquery-3.2.1.js,"","",09dd64a64ba840c31a812a3ca25eaeee,fd81582bf1b15e6747472df880ca822c362a97d1,pkg:javascript/jquery@3.2.1,"",CVE-2020-11023,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
128
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery-ui.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/jquery-ui.js,"","",bb4a7da3962cae0fdee48ec724e9af77,15c67023f4005d5c4049c3c2012a09bd4141ca34,pkg:javascript/jquery-ui@1.12.1,"",CVE-2021-41182,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
129
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery-ui.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/jquery-ui.js,"","",bb4a7da3962cae0fdee48ec724e9af77,15c67023f4005d5c4049c3c2012a09bd4141ca34,pkg:javascript/jquery-ui@1.12.1,"",CVE-2021-41183,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
130
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery-ui.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/jquery-ui.js,"","",bb4a7da3962cae0fdee48ec724e9af77,15c67023f4005d5c4049c3c2012a09bd4141ca34,pkg:javascript/jquery-ui@1.12.1,"",CVE-2021-41184,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
131
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery-ui.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/jquery-ui.js,"","",bb4a7da3962cae0fdee48ec724e9af77,15c67023f4005d5c4049c3c2012a09bd4141ca34,pkg:javascript/jquery-ui@1.12.1,"",CVE-2022-31160,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( ""refresh"" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.",NVD,"","","",MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
132
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery-ui.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/jquery-ui.min.js,"","",f1d435cc06559eb91e7bcb630967d947,a9ab8b22a898d2aa1ed84dfd75366b275e61423b,pkg:javascript/jquery-ui@1.12.1,"",CVE-2021-41182,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `altField` option of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `altField` option is now treated as a CSS selector. A workaround is to not accept the value of the `altField` option from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
133
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery-ui.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/jquery-ui.min.js,"","",f1d435cc06559eb91e7bcb630967d947,a9ab8b22a898d2aa1ed84dfd75366b275e61423b,pkg:javascript/jquery-ui@1.12.1,"",CVE-2021-41183,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various `*Text` options of the Datepicker widget from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. The values passed to various `*Text` options are now always treated as pure text, not HTML. A workaround is to not accept the value of the `*Text` options from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
134
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery-ui.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/jquery-ui.min.js,"","",f1d435cc06559eb91e7bcb630967d947,a9ab8b22a898d2aa1ed84dfd75366b275e61423b,pkg:javascript/jquery-ui@1.12.1,"",CVE-2021-41184,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of the `of` option of the `.position()` util from untrusted sources may execute untrusted code. The issue is fixed in jQuery UI 1.13.0. Any string value passed to the `of` option is now treated as a CSS selector. A workaround is to not accept the value of the `of` option from untrusted sources.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
135
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery-ui.min.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/jquery-ui.min.js,"","",f1d435cc06559eb91e7bcb630967d947,a9ab8b22a898d2aa1ed84dfd75366b275e61423b,pkg:javascript/jquery-ui@1.12.1,"",CVE-2022-31160,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( ""refresh"" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to potentially executing JavaScript code. The bug has been patched in jQuery UI 1.13.2. To remediate the issue, someone who can change the initial HTML can wrap all the non-input contents of the `label` in a `span`.",NVD,"","","",MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
136
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/external/jquery/jquery.js,"","",fb2d334dabf4902825df4fe6c2298b4b,433836da7e015f2eb3fc386817de88b78248f6ef,pkg:javascript/jquery@1.12.4,"",CVE-2015-9251,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
137
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/external/jquery/jquery.js,"","",fb2d334dabf4902825df4fe6c2298b4b,433836da7e015f2eb3fc386817de88b78248f6ef,pkg:javascript/jquery@1.12.4,"",CVE-2019-11358,CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'),"jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
138
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/external/jquery/jquery.js,"","",fb2d334dabf4902825df4fe6c2298b4b,433836da7e015f2eb3fc386817de88b78248f6ef,pkg:javascript/jquery@1.12.4,"",CVE-2020-11022,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
139
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/external/jquery/jquery.js,"","",fb2d334dabf4902825df4fe6c2298b4b,433836da7e015f2eb3fc386817de88b78248f6ef,pkg:javascript/jquery@1.12.4,"",CVE-2020-11023,CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'),"In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.",NVD,MEDIUM,4.3,/AV:N/AC:M/Au:N/C:N/I:P/A:N,MEDIUM,6.1,CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:2.8/RC:R/MAV:A,HIGHEST,3,"","","","","","","",""
|
|
140
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",jquery-ui-1.12.1.custom.zip: jquery.js,/home/tjd/.gradle/caches/modules-2/files-2.1/jquery/jquery-ui/1.12.1.custom/9344ddd9fb8dba38ddb1b908177550c27271f135/jquery-ui-1.12.1.custom.zip/jquery-ui-1.12.1.custom/external/jquery/jquery.js,"","",fb2d334dabf4902825df4fe6c2298b4b,433836da7e015f2eb3fc386817de88b78248f6ef,pkg:javascript/jquery@1.12.4,"",jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates,"",jQuery 1.x and 2.x are End-of-Life and no longer receiving security updates,RETIREJS,"","","","","","",HIGHEST,3,"","","","","","","",""
|
|
141
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",log4j-1.2.17.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,Apache Log4j 1.2,"The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",04a41f0a068986f0f73485cf507c0f40,5af35056b4d257e4b64b9e8069c0746e8b08629f,pkg:maven/log4j/log4j@1.2.17,cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*,CVE-2019-17571,CWE-502 Deserialization of Untrusted Data,Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.,NVD,HIGH,7.5,/AV:N/AC:L/Au:N/C:P/I:P/A:P,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,33,"","","","","","","",""
|
|
142
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",log4j-1.2.17.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,Apache Log4j 1.2,"The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",04a41f0a068986f0f73485cf507c0f40,5af35056b4d257e4b64b9e8069c0746e8b08629f,pkg:maven/log4j/log4j@1.2.17,cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*,CVE-2020-9493,CWE-502 Deserialization of Untrusted Data,A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.,NVD,MEDIUM,6.8,/AV:N/AC:M/Au:N/C:P/I:P/A:P,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,33,"","","","","","","",""
|
|
143
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",log4j-1.2.17.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,Apache Log4j 1.2,"The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",04a41f0a068986f0f73485cf507c0f40,5af35056b4d257e4b64b9e8069c0746e8b08629f,pkg:maven/log4j/log4j@1.2.17,cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*,CVE-2022-23305,CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'),"By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the values to be inserted are converters from PatternLayout. The message converter, %m, is likely to always be included. This allows attackers to manipulate the SQL by entering crafted strings into input fields or headers of an application that are logged allowing unintended SQL queries to be executed. Note this issue only affects Log4j 1.x when specifically configured to use the JDBCAppender, which is not the default. Beginning in version 2.0-beta8, the JDBCAppender was re-introduced with proper support for parameterized SQL queries and further customization over the columns written to in logs. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",NVD,MEDIUM,6.8,/AV:N/AC:M/Au:N/C:P/I:P/A:P,CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,33,"","","","","","","",""
|
|
144
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",log4j-1.2.17.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,Apache Log4j 1.2,"The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",04a41f0a068986f0f73485cf507c0f40,5af35056b4d257e4b64b9e8069c0746e8b08629f,pkg:maven/log4j/log4j@1.2.17,cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*,CVE-2022-23302,CWE-502 Deserialization of Untrusted Data,"JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a TopicConnectionFactoryBindingName configuration causing JMSSink to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-4104. Note this issue only affects Log4j 1.x when specifically configured to use JMSSink, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.",NVD,MEDIUM,6.0,/AV:N/AC:M/Au:S/C:P/I:P/A:P,HIGH,8.8,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A,HIGH,33,"","","","","","","",""
|
|
145
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",log4j-1.2.17.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,Apache Log4j 1.2,"The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",04a41f0a068986f0f73485cf507c0f40,5af35056b4d257e4b64b9e8069c0746e8b08629f,pkg:maven/log4j/log4j@1.2.17,cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*,CVE-2022-23307,CWE-502 Deserialization of Untrusted Data,CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.,NVD,HIGH,9.0,/AV:N/AC:L/Au:S/C:C/I:C/A:C,HIGH,8.8,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A,HIGH,33,"","","","","","","",""
|
|
146
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",log4j-1.2.17.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,Apache Log4j 1.2,"The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",04a41f0a068986f0f73485cf507c0f40,5af35056b4d257e4b64b9e8069c0746e8b08629f,pkg:maven/log4j/log4j@1.2.17,cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*,CVE-2021-4104,CWE-502 Deserialization of Untrusted Data,"JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions. Sonatype's research suggests that this CVE's details differ from those defined at NVD. See https://ossindex.sonatype.org/vulnerability/CVE-2021-4104 for details",OSSINDEX,"","","",HIGH,7.5,CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H,HIGH,33,"","","","","","","",""
|
|
147
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",log4j-1.2.17.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/log4j/log4j/1.2.17/5af35056b4d257e4b64b9e8069c0746e8b08629f/log4j-1.2.17.jar,Apache Log4j 1.2,"The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt",04a41f0a068986f0f73485cf507c0f40,5af35056b4d257e4b64b9e8069c0746e8b08629f,pkg:maven/log4j/log4j@1.2.17,cpe:2.3:a:apache:log4j:1.2.17:*:*:*:*:*:*:*,CVE-2023-26464,CWE-502 Deserialization of Untrusted Data,"** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",NVD,"","","",HIGH,7.5,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:3.9/RC:R/MAV:A,HIGH,33,"","","","","","","",""
|
|
148
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",quartz-2.3.2.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.quartz-scheduler/quartz/2.3.2/18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a/quartz-2.3.2.jar,Enterprise Job Scheduler,"http://www.apache.org/licenses/LICENSE-2.0.txt Apache Software License, Version 2.0",d7299dbaec0e0ed7af281b07cc40c8c1,18a6d6b5a40b77bd060b34cb9f2acadc4bae7c8a,pkg:maven/org.quartz-scheduler/quartz@2.3.2,cpe:2.3:a:softwareag:quartz:2.3.2:*:*:*:*:*:*:*,CVE-2023-39017,CWE-94 Improper Control of Generation of Code ('Code Injection'),quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. NOTE: this is disputed by multiple parties because it is not plausible that untrusted user input would reach the code location where injection must occur.,NVD,"","","",CRITICAL,9.8,CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:3.9/RC:R/MAV:A,HIGH,36,"","","","","","","",""
|
|
149
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",velocity-1.7.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.apache.velocity/velocity/1.7/2ceb567b8f3f21118ecdec129fe1271dbc09aa7a/velocity-1.7.jar,"","",3692dd72f8367cb35fb6280dc2916725,2ceb567b8f3f21118ecdec129fe1271dbc09aa7a,pkg:maven/org.apache.velocity/velocity@1.7,cpe:2.3:a:apache:velocity_engine:1.7:*:*:*:*:*:*:*,CVE-2020-13936,NVD-CWE-noinfo,An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2.,NVD,HIGH,9.0,/AV:N/AC:L/Au:S/C:C/I:C/A:C,HIGH,8.8,CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:2.8/RC:R/MAV:A,HIGHEST,27,"","","","","","","",""
|
|
150
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",xercesImpl-2.12.2.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/xerces/xercesImpl/2.12.2/f051f988aa2c9b4d25d05f95742ab0cc3ed789e2/xercesImpl-2.12.2.jar,"","",40e4f2d5aacfbf51a9a1572d77a0e5e9,f051f988aa2c9b4d25d05f95742ab0cc3ed789e2,pkg:maven/xerces/xercesImpl@2.12.2,cpe:2.3:a:apache:xerces-j:2.12.2:*:*:*:*:*:*:*,CVE-2017-10355,CWE-833 Deadlock,"sonatype-2017-0348 - xerces:xercesImpl - Denial of Service (DoS) The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.",OSSINDEX,"","","",MEDIUM,5.900000095367432,CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H,HIGHEST,72,"","","","","","","",""
|
|
151
|
root project 'p2j_6692a',"Mon, 19 Feb 2024 13:05:20 +0100",xsd-2.2.3.jar,/home/tjd/.gradle/caches/modules-2/files-2.1/org.eclipse.xsd/xsd/2.2.3/348b9a00d81f85c2d209d41698ec7ba14bcbbbf9/xsd-2.2.3.jar,"","",2367efc645210aeecee95c679b5e03ee,348b9a00d81f85c2d209d41698ec7ba14bcbbbf9,pkg:maven/org.eclipse.xsd/xsd@2.2.3,cpe:2.3:a:eclipse:org.eclipse.core.runtime:2.2.3:*:*:*:*:*:*:*,CVE-2023-4218,CWE-611 Improper Restriction of XML External Entity Reference,In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example for review a foreign repository or patch).,NVD,"","","",MEDIUM,5.0,CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:1.3/RC:R/MAV:A,HIGHEST,28,"","","","","","","",""
|