TRIAL REQUEST A DEMO LOGIN

jQuery - XSS vulnerability on versions under 3.5.0, via the htmlPrefilter method.

Impact area

Security

Severity

High

Affected element

ServiceNow

UI Script

Salesforce

Static Resource


Rule number

SN-JSL-JQUERY-LESSTHAN-V350(for ServiceNow)

SF-JSL-JQUERY-LESSTHAN-V350(for Salesforce)

Impact

jQuery used a regex in its jQuery.htmlPrefilter method to ensure that all closing tags were XHTML-compliant when passed to methods. An issue has been reported that demonstrated the regex could introduce a cross-site scripting (XSS) vulnerability.

Remediation

Update jQuery to the latest version.

Time to fix

30 min

What's here


Related content

JavaScript rules

JavaScript best practices

Common Weakness Enumeration (CWE™)

Vulnerabilities in Open Source Libraries




Last modified on Sep 6, 2021
Copyright © QualityClouds 2021