JQuery Cross-Site Scripting (XSS) Vulnerability

Technical Severity

CVSS v3.1 Metrics

MEDIUM

6.9 / 10

Minimal Risk Critical

Vector Specification

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N

Exploitation Likelihood

EPSS Prediction

32.30 %

Predictive Probability

Percentile Rank

96.7 th

Documented as more likely to be exploited than 96.7% of known CVEs.

Detection Date

Jan 23, 2025

Remediation Due

Feb 13, 2025

CISA Catalog Active

Threat Analysis

JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.

Remediation Directive

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Asset Context

Vendor Identity

JQuery

Affected Product

JQuery

Ransomware Status

Campaign Use Unknown

Weakness Classification

CWE-79

External Intelligence

This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see:

https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6

https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

NVD

National Vulnerability Database

https://nvd.nist.gov/vuln/detail/CVE-2020-11023