Lucene search

K
osvGoogleOSV:GHSA-RMXG-73GG-4P98
HistoryJan 22, 2018 - 1:32 p.m.

Cross-Site Scripting (XSS) in jquery

2018-01-2213:32:06
Google
osv.dev
112

0.007 Low

EPSS

Percentile

79.7%

Affected versions of jquery interpret text/javascript responses from cross-origin ajax requests, and automatically execute the contents in jQuery.globalEval, even when the ajax request doesn’t contain the dataType option.

Recommendation

Update to version 3.0.0 or later.

References