Description
Affected versions of jquery are vulnerable to cross-site scripting. The main jquery function uses a regular expression to differentiate between HTML and selectors, but the expression is not properly anchored, so a string that does not begin with `<` can still be treated as HTML rather than as a selector.
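The anchoring problem described above, shown as an added example (not code from jQuery or from this advisory). The two patterns are simplified illustrations, and the inputs and the `assertSelectorOnly` guard are constructed for the demonstration.

```javascript
// Added example: the patterns are simplified illustrations of the anchoring
// issue, not copied from any jQuery release.

// Unanchored: any text may precede the "<", so a string that begins like a
// selector is still classified as HTML.
const LOOSE_HTML = /^[^#<]*(<[\w\W]+>)[^>]*$/;

// Anchored: the string counts as HTML only when it starts with "<".
const STRICT_HTML = /^(<[\w\W]+>)[^>]*$/;

function classify(input, htmlPattern) {
  return htmlPattern.test(input) ? "html" : "selector";
}

// Constructed sample inputs (benign markup only).
const SAMPLES = [
  "#main .item",
  "<p>hello</p>",
  "div.item <em>note</em>",
  "a[title='x'] <b>y</b>",
];

// Classify every sample with both patterns so the disagreement is visible.
function compare(samples) {
  return samples.map((s) => ({
    input: s,
    loose: classify(s, LOOSE_HTML),
    strict: classify(s, STRICT_HTML),
  }));
}

// Hypothetical guard for code paths that expect a selector built from
// untrusted input: refuse anything containing "<" instead of passing it on.
function assertSelectorOnly(input) {
  if (typeof input !== "string" || input.includes("<")) {
    throw new TypeError("expected a CSS selector, got markup-like input");
  }
  return input;
}

for (const row of compare(SAMPLES)) {
  console.log(JSON.stringify(row));
}
```

The last two samples are the interesting rows: the unanchored pattern reports `html`, the anchored one reports `selector`.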
Recommendation
Update the jquery package to the latest compatible version. Version details:
- Affected version(s): <= 1.8.3
- Patched version(s): 1.9.0
References
- GHSA-2pqj-h3vj-pqgw
- bugs.jquery.com
- help.ecostruxureit.com
- lists.apache.org
- snyk.io
- lists.opensuse.org
- packetstormsecurity.com
- security.snyk.io
- research.insecurelabs.org
- web.archive.org
- CVE-2012-6708
- CWE-64
- CWE-79
- CAPEC-310
- OWASP 2021-A3
- OWASP 2021-A6
Related Issues
- Jodit Editor vulnerable to Cross-site Scripting (GHSA-42hx-vrxx-5r6v) - CVE-2022-23461
- Cross-site Scripting in jquery.json-viewer - CVE-2022-30241
- Cross-site Scripting in vditor (GHSA-pq37-4c4g-v38c) - CVE-2022-0341
- Bootstrap Cross-site Scripting vulnerability (GHSA-pj7m-g53m-7638) - CVE-2018-14041
Tags
- npm
- jquery
Last updated on July 10, 2023