Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2025-3573

Опубликовано: 15 апр. 2025
Источник: debian
EPSS Низкий

Описание

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
civicrmremovedpackage
civicrmpostponedbullseyepackage
kalkunfixed0.8.3.2-1package
znunyfixed6.5.16-1package
znunyno-dsatrixiepackage
znunyno-dsabookwormpackage
phpmyadminfixed4:5.2.2-really+dfsg-2package
phpmyadminfixed4:5.2.2-really+dfsg-1+deb13u1trixiepackage
phpmyadminno-dsabookwormpackage
phpmyadminpostponedbullseyepackage
node-jquery-validationnot-affectedpackage

Примечания

  • https://github.com/jquery-validation/jquery-validation/pull/2462

  • https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902

  • civicrm embedds jquery-validation

EPSS

Процентиль: 9%
0.00032
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2025-3573

CVSS3: 6.1
ubuntu
9 месяцев назад

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

redhat логотип

CVE-2025-3573

CVSS3: 6.1
redhat
9 месяцев назад

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

nvd логотип

CVE-2025-3573

CVSS3: 6.1
nvd
9 месяцев назад

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

github логотип

GHSA-rrj2-ph5q-jxw2

CVSS3: 6.1
github
9 месяцев назад

jquery-validation vulnerable to Cross-site Scripting

EPSS

Процентиль: 9%
0.00032
Низкий