Cross-Site Scripting

Overview

Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client side code execution.

Proof of Concept

$("#log").html(
    $("element[attribute='<img src />']").html()
);

Recommendation

Update to version 1.9.0 or later.

References

• jQuery Ticket 11290
• jQuery Ticket 6429
• jQuery Ticket 9521
• jQuery Ticket 12531
• GitHub Advisory