ThreatMon Blog
  • Platform
  • Intelligence Modules
    • Cyber Threat Intelligence
    • Attack Surface Management
    • Digital Risk Protection
  • Resources
    • Blog
    • Reports
  • Company
    • About Us
    • Term & Use
    • Privacy Policy
No Result
View All Result
  • Platform
  • Intelligence Modules
    • Cyber Threat Intelligence
    • Attack Surface Management
    • Digital Risk Protection
  • Resources
    • Blog
    • Reports
  • Company
    • About Us
    • Term & Use
    • Privacy Policy
No Result
View All Result
ThreatMon Blog
No Result
View All Result

Home » What Is Jquery XSS Vulnerability Version?

What Is Jquery XSS Vulnerability Version?

ThreatMon Team by ThreatMon Team
June 21, 2024
in General
0
What Is Jquery XSS Vulnerability Version?
552
SHARES
3.2k
VIEWS
Share on FacebookShare on Twitter

Let’s start with what jquery and XSS are.

Jquery is a library of JavaScript. It was created to facilitate the use of JavaScript on websites. It is not a separate programming language and works with JavaScript.

A cross-site scripting attack (XSS) occurs when a hacker injects malicious code, usually in the form of client-side scripting, into the content of a web page that is seen as benign and trustworthy.

So what does this vulnerability do?

By examining the source codes of Jquery, which is a Javascript library, harmful codes can be run in these codes. Thanks to these malicious codes, much information, including personal information, can be captured and operations can be performed on computers.
jQuery software used a regex in its jQuery.htmlPrefilter method to ensure that closing tags were XHTML-compliant when passed to methods. The developers behind jQuery described the moderate severity vulnerability as something that only came into play in “edge cases where parsing would have unintended consequences”. The XSS vulnerability resolved last month meant that “passing HTML from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods (such as .html(), .append(), and others) may execute untrusted code,” according to the write-up on GitHub.

xss-vulnerability

How to find the Jquery version used?

  • First of all, the source code of the page is examined and the jquery version used is found.

jquery-version-used

  • One of the most effective methods is to type this command “console.log($.fn.jquery)” in the developer console.

command

Mitigation and Remediation

What should be done to protect from JQuery XSS vulnerability in the system?

  • If the JQuery version used contains an XSS vulnerability, the current version should be updated to the latest version.
  • The JQuery version should be checked frequently to see if there are any vulnerabilities.

References:

https://portswigger.net/daily-swig/jquery-xss-vulnerability-affects-other-apps-warns-security-researcher

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

https://nvd.nist.gov/vuln/detail/cve-2020-11022

https://nvd.nist.gov/vuln/detail/CVE-2020-7656

https://nvd.nist.gov/vuln/detail/CVE-2018-18405

https://nvd.nist.gov/vuln/detail/cve-2015-9251

https://nvd.nist.gov/vuln/detail/CVE-2011-4969

https://jquery.com/download/

Previous Post

What is File Upload Vulnerability?

 Next Post

What are Multiple Apache Vulnerabilities?
Next Post
what-are-multiple-apache-vulnerabilities-01

What are Multiple Apache Vulnerabilities?

Recommended

what-is-external-attack-surface-management-easm

What is External Attack Surface Management (EASM)?

June 21, 2024
akira-undetectable-stealer-unleashed

Akira: Undetectable Stealer Unleashed

October 11, 2023

Popular Story

  • top-10-dark-web-search-engines1

    Top 10 Dark Web Search Engines

    552 shares
    Share 221 Tweet 138

  • Top 10 Dark Web Forums

    552 shares
    Share 221 Tweet 138

  • What is SMTP Open Mail Relay Vulnerability?

    552 shares
    Share 221 Tweet 138

  • What is Server Header Information Disclosure?

    552 shares
    Share 221 Tweet 138

  • ChatGPT and Malware Analysis – ThreatMon

    552 shares
    Share 221 Tweet 138

Intelligence Modules

Cyber Threat Intelligence Attack Surface Management Digital Risk Protection

Resources

Blog Reports

Platform

Discover the platform

Company

About Us Terms & Use Privacy Policy

Blog

The Importance of Attack Surface Management for Organizations ChatGPT and Malware Analysis – ThreatMon TA558 APT Group Uses Malicious Microsoft Compiled HTML Help Files
threatmon-logo

Copyright © 2023
No Result
View All Result
  • Platform
  • Intelligence Modules
    • Cyber Threat Intelligence
    • Attack Surface Management
    • Digital Risk Protection
  • Resources
    • Blog
    • Reports
  • Company
    • About Us
    • Term & Use
    • Privacy Policy

© 2024 JNews - Premium WordPress news & magazine theme by Jegtheme.

End-to-End Threat Intelligence Platform
Get Free Trial
End-to-End Threat Intelligence Platform