Cross-site Scripting (XSS)

Affecting jquery package, versions <3.0.0-beta1 >1.12.3 || <1.12.0 >=1.4.0

medium severity

Overview

jquery is a JavaScript library for DOM operations.

Affected versions of the package are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option, which causes text/javascript responses to be executed.
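The behaviour described above, as an added example that is not part of the advisory or of jQuery's source: a simplified model of how a response handler is picked when dataType is omitted, next to a guard that stops a cross-domain response from being treated as script. The names DEFAULT_CONTENTS, inferDataType, crossDomainGuard and wouldExecute are hypothetical, the request objects are constructed samples, and the model assumes the handler is chosen by matching the Content-Type header against per-type patterns.

```javascript
// Simplified model (an assumption, not jQuery source) of how affected versions
// choose a response handler when the caller gives no dataType.
const DEFAULT_CONTENTS = {
  xml: /\bxml\b/,
  html: /\bhtml/,
  json: /\bjson\b/,
  script: /\b(?:java|ecma)script\b/,
};

// Returns the handler name that would process the response body.
function inferDataType(settings, contentType) {
  if (settings.dataType) return settings.dataType; // explicit choice wins
  for (const type of Object.keys(settings.contents)) {
    const pattern = settings.contents[type];
    if (pattern && pattern.test(contentType)) return type; // sniffed from header
  }
  return "text";
}

// Guard for code that cannot upgrade yet: never sniff "script" on cross-domain
// requests. In a browser: jQuery.ajaxPrefilter(crossDomainGuard).
function crossDomainGuard(settings) {
  if (settings.crossDomain) settings.contents.script = false;
}

// Runs one constructed request/response pair through the model.
// Returns true when the body would be evaluated as JavaScript.
function wouldExecute({ crossDomain, dataType, contentType }, guard) {
  const settings = { crossDomain, dataType, contents: { ...DEFAULT_CONTENTS } };
  if (guard) guard(settings);
  return inferDataType(settings, contentType) === "script";
}

// Constructed sample: another origin answers with executable content.
const sample = { crossDomain: true, contentType: "text/javascript; charset=utf-8" };
console.log("no dataType, no guard:", wouldExecute(sample));
console.log("no dataType, guard   :", wouldExecute(sample, crossDomainGuard));
console.log("dataType 'json'      :", wouldExecute({ ...sample, dataType: "json" }));
```

Setting dataType explicitly on every cross-domain call closes the same path at the call site; the guard covers calls that were missed.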

Remediation

Upgrade jquery to version 3.0.0 or higher.

Credit: Egor Homakov
CWE: CWE-79
Snyk ID: npm:jquery:20150627
Disclosed: 26 Jun, 2015
Published: 27 Nov, 2016
