Cross-site Scripting (XSS)
jquery-validation is vulnerable to Cross-site Scripting (XSS). The vulnerability stems from unsanitized user input in the showLabel function, which improperly handles placeholder values that populate messages via $.validator.messages...
GHSA-RRJ2-PH5Q-JXW2 jquery-validation vulnerable to Cross-site Scripting
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...
@archey347/uf_blog (=0.0.0), @boldreports/angular-reporting-components (>=5.1.20 <=11.1.10) +19 more potentially affected by CVE-2025-3573 via jquery-validation (>=1.14.0 <=1.19.5)
jquery-validation NPM version =1.14.0, =5.1.20, =5.1.20, =5.1.20, =0.0.4, =4.0.0, =5.0.0, =0.0.2, =0.2.2, =3.0.0, =5.0.0, =5.0.0, =0.11.28, =0.0.8, =0.0.13 and more Source cves: CVE-2025-3573 Source advisory: OSV:GHSA-RRJ2-PH5Q-JXW2...
jquery-validation vulnerable to Cross-site Scripting
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...
DEBIAN-CVE-2025-3573
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...
CVE-2025-3573
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...
UBUNTU-CVE-2025-3573
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary...
CVE-2025-3573
CVE-2025-3573 concerns the jquery-validation library. Versions before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, where user-controlled input can be written into the localizable validator.messages dictionary. The vulnerability is described as input-driven and ...
Security Bulletin: Multiple vulnerabilities found in IBM ApplinX.
Summary IBM ApplinX has been updated in order to address the multiple vulnerabilities. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability usin...
Security Bulletin: A vulnerability in jQuery affects IBM Robotic Process Automation and could result in cross-site scripting (CVE-2024-30875).
Summary A vulnerability in jQuery affects IBM Robotic Process Automation and could result in cross-site scripting. jQuery is used by IBM Robotic Process Automation as part of the Carbon UI framework. This bulletin identifies the fixes required to address the vulnerability. Vulnerability Details...
PT-2025-16320 · Unknown · Jquery Zooeffect
Name of the Vulnerable Software and Affected Versions: 1pluginjquery ZooEffect versions n/a through 1.11 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers t...
jquery-validation security vulnerability
jquery-validation is an open-source tool from the jquery-validation project. It provides plug-in validation for forms while making various customizations to fit your application very easy. A security vulnerability exists in versions of jquery-validation prior to 1.20.0, which stems from the showLabel functio...
RHEL 7 : python-XStatic-jquery-ui (RHSA-2016:2932)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2016:2932 advisory. jquery-ui javascript library packaged for setuptools easyinstall / pip. The following packages have been upgraded to a newer upstream version:...
Moodle 3.11.x < 3.11.16 JQuery UI Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...
Moodle < 3.9.23 JQuery UI Library Upgrade
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.23 or 3.11.x prior to 3.11.16. The JQuery UI library included with Moodle has been upgraded to version 1.13.2, which includes fixes for multiple security issues. Note that the scanner has not...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.7.
Summary In addition to updates of open source dependencies, the following security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.7. Vulnerability Details CVEID:CVE-2024-7254 DESCRIPTION: Any project that parses untrusted Protocol Buffers data containing an...
jQuery 3.3.1 - Prototype Pollution & XSS Exploit
Exploit Title: jQuery Prototype Pollution & XSS Exploit CVE-2019-11358 & CVE-2020-7656 Google Dork: N/A Date: 2025-02-13 Exploit Author: xOryus Vendor Homepage: https://jquery.com Software Link: https://code.jquery.com/jquery-3.3.1.min.js Version: 3.3.1 Tested on: Windows 10, Ubuntu 20.04, Chrome...