Cross-site Scripting (XSS)
jquery-mobile is vulnerable to cross-site scripting. Lack of validation in the Content-Type header of an XHR request results in the rendering of an AJAX JSON response as HTML in a user's browser. A remote attacker is able to inject arbitrary Javascript into a victim's browser by relying on anothe...