jQuery — набор функций JavaScript, фокусирующийся на взаимодействии JavaScript и HTML.
Релизный цикл, информация об уязвимостях
График релизов
Количество 66
BDU:2023-07536
Уязвимость библиотеки jQuery, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовую сценарную атаку
GHSA-q4m3-2j7h-f7xw
Cross-Site Scripting in jquery
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
GHSA-jpcq-cgw6-v4j6
Potential XSS vulnerability in jQuery
GHSA-gxr4-xjj5-5px2
Potential XSS vulnerability in jQuery
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
CVE-2020-11022
In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | BDU:2023-07536 Уязвимость библиотеки jQuery, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовую сценарную атаку | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
| GHSA-q4m3-2j7h-f7xw Cross-Site Scripting in jquery | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
 | CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
| CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ... | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
 | CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
 | CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. | CVSS3: 5.4 | 1% Низкий | около 5 лет назад |
| GHSA-jpcq-cgw6-v4j6 Potential XSS vulnerability in jQuery | CVSS3: 6.9 | 12% Средний | около 5 лет назад |
| GHSA-gxr4-xjj5-5px2 Potential XSS vulnerability in jQuery | CVSS3: 6.9 | 5% Низкий | около 5 лет назад |
| CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. | CVSS3: 6.9 | 5% Низкий | около 5 лет назад |
| CVE-2020-11022 In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ... | CVSS3: 6.9 | 5% Низкий | около 5 лет назад |
Уязвимостей на страницу