Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:GHSA-JMH9-6RJQ-GJH9
HistoryJun 05, 2024 - 1:28 p.m.

Vulnerable embedded jQuery Version

2024-06-0513:28:36
Google
osv.dev
1
pimcore
xss
jquery
cross-site-scripting
untrusted sources
patched
dom manipulation
security vulnerability
snyk
version 3.5.0
javascript library

7 High

AI Score

Confidence

High

JSON

Summary

PIMCore uses the JavaScript library jQuery in version 3.4.1. This version is vulnerable to cross-site-scripting (XSS).

Details

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources - even after sanitizing it to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Publish Date: 2020-04-29

URL:= https://security.snyk.io/package/npm/jquery/3.4.1

7 High

AI Score

Confidence

High

JSON