Free Access
Blog

What Is Jquery XSS Vulnerability Version?

This image is about jQuery XSS vulnerability versions.

Let’s start with what jquery and XSS are.

Jquery is a library of JavaScript. It was created to facilitate the use of JavaScript on websites. It is not a separate programming language and works with JavaScript.

A cross-site scripting attack (XSS) occurs when a hacker injects malicious code, usually in the form of client-side scripting, into the content of a web page that is seen as benign and trustworthy.

So what does this vulnerability do?

By examining the source codes of Jquery, which is a Javascript library, harmful codes can be run in these codes. Thanks to these malicious codes, much information, including personal information, can be captured and operations can be performed on computers.
jQuery software used a regex in its jQuery.htmlPrefilter method to ensure that closing tags were XHTML-compliant when passed to methods. The developers behind jQuery described the moderate severity vulnerability as something that only came into play in “edge cases where parsing would have unintended consequences”. The XSS vulnerability resolved last month meant that “passing HTML from untrusted sources – even after sanitizing it – to one of jQuery’s DOM manipulation methods (such as .html(), .append(), and others) may execute untrusted code,” according to the write-up on GitHub.

xss-vulnerability

How to find the Jquery version used?

  • First of all, the source code of the page is examined and the jquery version used is found.

jquery-version-used

  • One of the most effective methods is to type this command “console.log($.fn.jquery)” in the developer console.

command

Mitigation and Remediation

What should be done to protect from JQuery XSS vulnerability in the system?

  • If the JQuery version used contains an XSS vulnerability, the current version should be updated to the latest version.
  • The JQuery version should be checked frequently to see if there are any vulnerabilities.

References:

https://portswigger.net/daily-swig/jquery-xss-vulnerability-affects-other-apps-warns-security-researcher

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11023

https://nvd.nist.gov/vuln/detail/cve-2020-11022

https://nvd.nist.gov/vuln/detail/CVE-2020-7656

https://nvd.nist.gov/vuln/detail/CVE-2018-18405

https://nvd.nist.gov/vuln/detail/cve-2015-9251

https://nvd.nist.gov/vuln/detail/CVE-2011-4969

https://jquery.com/download/

More posts

This image is about monthly vulnerabilities for September 2024.
Peek into Monthly Vulnerabilities: September 2024
October 9, 2024
This image is about the ServiceNow data leak.
ServiceNow Data Leak: Risks of Misconfigured Knowledge Bases
September 18, 2024
This image is about monthly vulnerabilities for July 2024.
Peek into Monthly Vulnerabilities: July 2024
August 12, 2024
This image is about cyber strategies for the Paris Olympics 2024.
Securing the Games: Cyber Strategies for Paris Olympics 2024
August 9, 2024
This image is about Russian influence operations targeting the Paris Olympics 2024.
Hunter’s Lens: Russian Influence Operations Targeting the Paris Olympics 2024
August 2, 2024
View All
advanced divider

Share this article

Found it interesting? Don’t hesitate to share it to wow your friends or colleagues
advanced divider
Subscribe to our blog newsletter to follow the latest posts
Stay informed with the latest updates, expert insights, and in-depth analysis from ThreatMon’s cybersecurity intelligence. Subscribe to receive critical news, threat reports, and industry trends directly in your inbox, helping you stay ahead of emerging cyber threats.

Platform

Subscriptions

Solutions

Resources

Partner

Company

© 2024 ThreatMon. All rights reserved.
X-twitter Linkedin-in Github