jQuery — набор функций JavaScript, фокусирующийся на взаимодействии JavaScript и HTML.
Релизный цикл, информация об уязвимостях
График релизов
Количество 69
GHSA-w97x-8w5v-6mh4
The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking."
RLSA-2021:1846
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
GHSA-2pqj-h3vj-pqgw
Cross-Site Scripting in jquery
BDU:2023-07536
Уязвимость библиотеки jQuery, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовую сценарную атаку
GHSA-q4m3-2j7h-f7xw
Cross-Site Scripting in jquery
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
CVE-2020-7656
jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed.
GHSA-jpcq-cgw6-v4j6
Potential XSS vulnerability in jQuery
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
| GHSA-w97x-8w5v-6mh4 The jQuery framework exchanges data using JavaScript Object Notation (JSON) without an associated protection scheme, which allows remote attackers to obtain the data via a web page that retrieves the data through a URL in the SRC attribute of a SCRIPT element and captures the data using other JavaScript code, aka "JavaScript Hijacking." | 0% Низкий | больше 3 лет назад | |
 | RLSA-2021:1846 Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update | 28% Средний | больше 4 лет назад | |
| GHSA-2pqj-h3vj-pqgw Cross-Site Scripting in jquery | CVSS3: 6.1 | 1% Низкий | около 5 лет назад |
 | BDU:2023-07536 Уязвимость библиотеки jQuery, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовую сценарную атаку | CVSS3: 6.1 | 1% Низкий | больше 5 лет назад |
| GHSA-q4m3-2j7h-f7xw Cross-Site Scripting in jquery | CVSS3: 6.1 | 1% Низкий | больше 5 лет назад |
 | CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. | CVSS3: 6.1 | 1% Низкий | больше 5 лет назад |
| CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ... | CVSS3: 6.1 | 1% Низкий | больше 5 лет назад |
 | CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. | CVSS3: 6.1 | 1% Низкий | больше 5 лет назад |
 | CVE-2020-7656 jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >", which results in the enclosed script logic to be executed. | CVSS3: 5.4 | 1% Низкий | больше 5 лет назад |
| GHSA-jpcq-cgw6-v4j6 Potential XSS vulnerability in jQuery | CVSS3: 6.9 | 28% Средний | больше 5 лет назад |
Уязвимостей на страницу