Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMB0FB4CCA6C2AAF4AE7DFA7516AE94640B71BE0BE346F669F7A4393C673251F3D
HistoryFeb 09, 2021 - 7:25 p.m.

Security Bulletin: IBM Security QRadar Analyst Workflow add on to IBM QRadar SIEM is vulnerable to using components with known vulnerabilities

2021-02-0919:25:36
www.ibm.com
66

0.061 Low

EPSS

Percentile

93.6%

JSON

Summary

The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools.

Vulnerability Details

CVEID:CVE-2015-9251
**DESCRIPTION:**jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/138029 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2020-11022
**DESCRIPTION:**jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the jQuery.htmlPrefilter method. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/181349 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

CVEID:CVE-2020-26870
**DESCRIPTION:**DOMPurify is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the Nesting FORM element. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.
CVSS Base score: 6.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/189516 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM Security QRadar Analyst Workflow 1.0.0 - 1.4.0

Remediation/Fixes

Update to 1.4.1

Workarounds and Mitigations

None

Related

ibm 44
atlassian 7
cvelist 5
openvas 14
ubuntucve 4
ics 2
f5 2
veracode 2
debiancve 4
osv 18
prion 5
cloudfoundry 1
alpinelinux 3
nvd 6
attackerkb 3
github 7
cve 6
nessus 29
freebsd 2
githubexploit 2
nodejs 2
packetstorm 1
mscve 1
redhat 4
redhatcve 1
zdt 1
hackerone 2
laminas 2
debian 3
fortinet 1
archlinux 1
exploitdb 1
fedora 2
hp 2
joomla 1
suse 1
checkpoint_advisories 1
oraclelinux 2
drupal 1
gentoo 1
typo3 1
rocky 1
ibm
ibm
Security Bulletin: IBM CICS TX Advanced is vulnerable to multiple vulnerabilities in jQuery.
2023-02-14 21:04:36
Security Bulletin: IBM CICS TX Standard is vulnerable to multiple vulnerabilities in jQuery.
2023-02-14 21:14:53
Security Bulletin: Multiple vulnerabilities found in third party libraries used by IBM® MobileFirst Platform
2023-04-19 17:26:48
atlassian
atlassian
Update jQuery to avoid CVE-2020-11022, CVE-2020-11023, and CVE-2015-9251
2021-02-16 18:28:38
Jira uses vulnerable jQuery version CVE-2015-9251
2020-04-20 13:29:57
The jQuery version used in JIRA needs to be updated
2015-05-18 09:31:54
cvelist
cvelist
CVE-2015-9251
2018-01-18 23:00:00
CVE-2020-26870
2020-10-07 15:50:09
CVE-2020-11022 Potential XSS vulnerability in jQuery
2020-04-29 00:00:00
openvas
openvas
jQuery < 3.0.0 XSS Vulnerability
2018-11-01 00:00:00
jQuery 1.2 < 3.5.0 XSS Vulnerability
2020-05-05 00:00:00
Tenable Nessus < 8.13.0 XSS Vulnerability (TNS-2020-10)
2023-05-17 00:00:00
ubuntucve
ubuntucve
CVE-2015-9251
2018-01-18 00:00:00
CVE-2020-26870
2020-10-07 00:00:00
CVE-2020-11022
2020-04-29 00:00:00
ics
ics
AVEVA InTouch Access Anywhere
2018-07-31 12:00:00
AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere (Update A)
2023-03-16 12:00:00
f5
f5
K29562170 : jQuery vulnerability CVE-2015-9251
2020-02-19 00:00:00
K02453220 : jQuery vulnerability CVE-2020-11022
2020-08-03 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-10-08 06:06:52
Cross-Site Scripting (XSS)
2020-04-30 01:59:55
debiancve
debiancve
CVE-2020-26870
2020-10-07 16:15:00
CVE-2015-9251
2018-01-18 23:29:00
CVE-2020-11022
2020-04-29 22:15:11
osv
osv
CVE-2020-26870
2020-10-07 16:15:18
CVE-2015-9251
2018-01-18 23:29:00
Cross-Site Scripting (XSS) in jquery
2018-01-22 13:32:06
prion
prion
Cross site scripting
2018-01-18 23:29:00
Session fixation
2020-10-07 16:15:00
Code injection
2020-04-29 22:15:00
cloudfoundry
cloudfoundry
CVE-2015-9251: UAA contains vulnerable jQuery version | Cloud Foundry
2019-07-08 00:00:00
alpinelinux
alpinelinux
CVE-2015-9251
2018-01-18 23:29:00
CVE-2020-11022
2020-04-29 22:15:11
CVE-2017-16012
2018-06-04 19:29:00
nvd
nvd
CVE-2015-9251
2018-01-18 23:29:00
CVE-2020-26870
2020-10-07 16:15:18
CVE-2020-11022
2020-04-29 22:15:11
attackerkb
attackerkb
CVE-2015-9251
2018-01-18 00:00:00
CVE-2020-11023
2020-04-29 00:00:00
CVE-2020-11022
2020-04-29 00:00:00
github
github
Cross-Site Scripting (XSS) in jquery
2018-01-22 13:32:06
Cross-site Scripting in dompurify
2020-12-18 22:51:40
Reflected XSS in Gotify's /docs via import of outdated Swagger UI
2023-01-10 22:48:43
cve
cve
CVE-2015-9251
2018-01-18 23:29:00
CVE-2020-26870
2020-10-07 16:15:18
CVE-2020-11022
2020-04-29 22:15:11
nessus
nessus
JQuery < 3.0.0 XSS
2019-05-15 00:00:00
FreeBSD : rt -- XSS via jQuery (416ca0f4-3fe0-11e9-bbdd-6805ca0b3d42)
2019-03-07 00:00:00
RHEL 7 : jquery (Unpatched Vulnerability)
2024-06-03 00:00:00
freebsd
freebsd
rt -- XSS via jQuery
2019-03-05 00:00:00
RDoc -- multiple jQuery vulnerabilities
2019-08-28 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2020-11-02 20:55:10
Exploit for Cross-site Scripting in Jquery
2021-10-16 01:10:33
nodejs
nodejs
Cross-Site Scripting
2020-04-30 18:19:09
Cross-Site Scripting
2020-12-18 22:54:16
packetstorm
packetstorm
jQuery 1.2 Cross Site Scripting
2021-04-14 00:00:00
mscve
mscve
Visual Studio Remote Code Execution Vulnerability
2021-01-12 08:00:00
redhat
redhat
(RHSA-2020:2217) Moderate: OpenShift Container Platform 3.11 security update
2020-05-28 11:08:25
(RHSA-2020:0481) Important: Red Hat JBoss Fuse/A-MQ 6.3 R15 security and bug fix update
2020-02-12 15:24:44
(RHSA-2020:4211) Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update
2020-10-08 06:44:00
redhatcve
redhatcve
CVE-2020-11022
2020-04-29 23:09:52
zdt
zdt
jQuery 1.2 - Cross-Site Scripting Vulnerability
2021-04-14 00:00:00
hackerone
hackerone
Reddit: CVE-2020-11022
2022-12-20 17:19:58
Ruby: Ruby is shipping a vulnerable jQuery
2019-03-30 14:10:34
laminas
laminas
XSS and RCE vectors in laminas-api-tools/api-tools-documentation-swagger
2020-04-01 21:30:00
XSS vectors in laminas-api-tools/api-tools
2020-04-01 21:30:00
debian
debian
[SECURITY] [DLA 2419-1] dompurify.js security update
2020-10-29 16:03:08
[SECURITY] [DSA 4693-1] drupal7 security update
2020-05-26 21:08:21
[SECURITY] [DLA 2608-1] jquery security update
2021-03-26 01:32:22
fortinet
fortinet
Protect
2019-04-10 00:00:00
archlinux
archlinux
[ASA-201910-4] ruby-rdoc: cross-site scripting
2019-10-02 00:00:00
exploitdb
exploitdb
jQuery 1.2 - Cross-Site Scripting (XSS)
2021-04-14 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: drupal8-8.9.0-1.fc32
2020-06-16 01:32:24
[SECURITY] Fedora 32 Update: drupal7-7.70-1.fc32
2020-05-31 03:31:15
hp
hp
HPSBPI03688 rev. 1 - Certain HP Printer and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
Certain HP Printers and MFP products - Cross-Site Scripting (XSS)
2020-09-17 00:00:00
joomla
joomla
[20200604] - Core - XSS in jQuery.htmlPrefilter
2020-04-10 00:00:00
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00
checkpoint_advisories
checkpoint_advisories
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
oraclelinux
oraclelinux
jquery-ui security update
2022-03-01 00:00:00
ipa security, bug fix, and enhancement update
2020-10-06 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2020-002
2020-05-20 00:00:00
gentoo
gentoo
Cacti: Multiple vulnerabilities
2020-07-26 00:00:00
typo3
typo3
Cross-Site Scripting in extension "Kitodo.Presentation" (dlf)
2020-07-29 00:00:00
rocky
rocky
idm:DL1 and idm:client security, bug fix, and enhancement update
2020-11-03 12:25:36

0.061 Low

EPSS

Percentile

93.6%

JSON
Related for B0FB4CCA6C2AAF4AE7DFA7516AE94640B71BE0BE346F669F7A4393C673251F3D
ibm44atlassian7cvelist5openvas14ubuntucve4ics2f52veracode2debiancve4osv18prion5cloudfoundry1alpinelinux3nvd6attackerkb3github7cve6nessus29freebsd2githubexploit2nodejs2packetstorm1mscve1redhat4redhatcve1zdt1hackerone2laminas2debian3fortinet1archlinux1exploitdb1fedora2hp2joomla1suse1checkpoint_advisories1oraclelinux2drupal1gentoo1typo31rocky1