[20200604] - Core - XSS in jQuery.htmlPrefilter

2020-06-02T00:00:00
ID JOOMLA-816
Type joomla
Reporter Open Source Matters, Inc.
Modified 2020-06-02T00:00:00

Description

The jQuery project released version 3.5.0, and as part of that, disclosed two security vulnerabilities that affect all prior versions. As mentioned in the jQuery blog, both are "[...] security issues in jQuery’s DOM manipulation methods, as in .html(), .append(), and the others."

The Drupal project has backported the relevant fixes back to jQuery 1.x and Joomla has adopted that patch.