Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-rrj2-ph5q-jxw2

Опубликовано: 15 апр. 2025
Источник: github
Github: Прошло ревью
CVSS4: 5.3
CVSS3: 6.1

Описание

jquery-validation vulnerable to Cross-site Scripting

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

Ссылки

Пакеты

Наименование

jquery-validation

npm
Затронутые версииВерсия исправления

< 1.20.0

1.20.0

EPSS

Процентиль: 4%
0.00021
Низкий

5.3 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2025-3573

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2025-3573

CVSS3: 6.1
ubuntu
5 месяцев назад

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

redhat логотип

CVE-2025-3573

CVSS3: 6.1
redhat
5 месяцев назад

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

nvd логотип

CVE-2025-3573

CVSS3: 6.1
nvd
5 месяцев назад

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

debian логотип

CVE-2025-3573

CVSS3: 6.1
debian
5 месяцев назад

Versions of the package jquery-validation before 1.20.0 are vulnerable ...

EPSS

Процентиль: 4%
0.00021
Низкий

5.3 Medium

CVSS4

6.1 Medium

CVSS3

CVE ID

CVE-2025-3573

Дефекты

CWE-79