Cross-Site Scripting (XSS)

Module: jquery

Published: March 21st, 2017

Reported by: Egor Homakov


Vulnerable: >=1.4.0 <=1.11.3 || >=1.12.4 <=2.2.4
Patched: >=3.0.0


jQuery is a JavaScript library for DOM traversal and manipulation, event handling, animation, and Ajax.

When a cross-origin Ajax request is made without the dataType option and the response is served as text/javascript, jQuery executes the response body with jQuery.globalEval, potentially allowing an attacker to execute arbitrary code on the origin.


Upgrade to v3.0.0 or greater.
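
An added example (not part of the original advisory and not jQuery's own code): a simplified model of the content-type sniffing described above, together with an ajaxPrefilter callback that stops cross-origin responses from being inferred as script on pages that still load an affected version. The helper names, the sniffing model and the sample settings objects are constructed for illustration.

```javascript
// Simplified model (an assumption, not jQuery source) of how a response's
// Content-Type is matched against settings.contents when no dataType is given.
const DEFAULT_CONTENTS = {
  xml: /\bxml\b/,
  html: /\bhtml/,
  json: /\bjson\b/,
  script: /\b(?:java|ecma)script\b/
};

function inferDataType(settings, contentType) {
  if (settings.dataType) return settings.dataType; // caller chose explicitly
  for (const type of Object.keys(settings.contents)) {
    const pattern = settings.contents[type];
    if (pattern && pattern.test(contentType)) return type;
  }
  return "text"; // nothing matched: treat the body as inert text
}

// True when the modelled request would hand the body to the script converter.
function wouldEvaluate(settings, contentType) {
  return inferDataType(settings, contentType) === "script";
}

// Prefilter: never let a cross-origin response be sniffed as "script".
// Requests that set dataType explicitly are left untouched.
function blockCrossDomainScriptSniffing(settings) {
  if (settings.crossDomain) {
    settings.contents.script = false;
  }
}

// Hypothetical helper that builds a per-request settings object for the model.
function makeSettings(overrides) {
  return Object.assign(
    { crossDomain: false, contents: Object.assign({}, DEFAULT_CONTENTS) },
    overrides
  );
}

// On a real page, register the prefilter once, before any Ajax call is made.
if (typeof jQuery !== "undefined" && typeof jQuery.ajaxPrefilter === "function") {
  jQuery.ajaxPrefilter(blockCrossDomainScriptSniffing);
}
```

Passing an explicit dataType (for example "json" or "text") on every cross-origin request has the same effect for that call, since the condition in the advisory only applies when the option is absent.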

