jQuery — набор функций JavaScript, фокусирующийся на взаимодействии JavaScript и HTML.

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG ele ...

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry

jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry

Уязвимость библиотеки jQuery, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить межсайтовй скриптинг

XSS in jQuery as used in Drupal, Backdrop CMS, and other products

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.