Veracode Vulnerability DatabaseVERACODE:6097Cross-Site Scripting (XSS)
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
jQuery is susceptible to cross-site scripting (XSS) attacks. It is vulnerable because it immediately executes the event handlers or scripts passed to parseHTML.js, allowing the malicious user to inject arbitrary HTML or script through it.
References
br.linkedin.com/in/joas-antonio-dos-santos
gist.github.com/CyberSecurityUP/26c5b032897630fe8407da4a8ef216d4
github.com/jquery/jquery/commit/744be7b20b676c618d0cfbf2775c5191e87252dd
gitter.im/jquery/jquery?at=5ea844a05cd4fe50a3d7ddc9
lists.fedoraproject.org/archives/list/[email protected]/message/VOE7P7APPRQKD4FGNHBKJPDY6FFCOH3W/
twitter.com/DanielRufde/status/1255185961866145792
Related
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N