jQuery - XSS vulnerability under 3.0.0, when making cross-domain calls without the dataType option
Impact area
Security
Severity
High
Affected element
UI Script (for ServiceNow)
Static Resource (for Salesforce)
Rule number
SN-JSL-013 (for ServiceNow)
SF-JSL-013 (for Salesforce)
Impact
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
Remediation
Update jQuery to the latest version.
Time to fix
30 min
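A version check of the kind this rule implies, as an added example (not part of the rule or of any scanner's own code): it reads the version banner from a bundled jQuery file and reports whether it is before 3.0.0. The function names, sample resource names and sample file bodies are constructed for illustration, and treating 3.0.0 pre-releases as affected is an assumption.

```javascript
// Added example: flag bundled jQuery copies older than 3.0.0 by their banner.
const BANNERS = [
  /\/\*!\s*jQuery v(\d+\.\d+(?:\.\d+)?(?:-[\w.]+)?)/,             // minified build header
  /jQuery JavaScript Library v(\d+\.\d+(?:\.\d+)?(?:-[\w.]+)?)/   // unminified build header
];

// Return the version string from the banner, or null if none is present.
function extractJQueryVersion(source) {
  for (const re of BANNERS) {
    const m = re.exec(source);
    if (m) return m[1];
  }
  return null;
}

// True when the version sorts before 3.0.0.
function isBefore300(version) {
  const [core, pre] = version.split(/-(.+)/);
  const nums = core.split(".").map(Number);
  while (nums.length < 3) nums.push(0); // "1.7" is treated as 1.7.0
  if (nums[0] !== 3) return nums[0] < 3;
  // Assumption: 3.0.0 pre-releases (beta, rc) count as "before 3.0.0".
  return nums[1] === 0 && nums[2] === 0 && pre !== undefined;
}

function checkResource(name, source) {
  const version = extractJQueryVersion(source);
  if (version === null) return { name, version, status: "unknown" };
  return { name, version, status: isBefore300(version) ? "affected" : "ok" };
}

// Constructed sample inputs (names and bodies are illustrative only).
const samples = [
  ["legacy_jquery_min", "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */\n!function(a,b){}(this);"],
  ["jquery_full", "/*!\n * jQuery JavaScript Library v2.2.4\n * http://jquery.com/\n */\n(function(){})();"],
  ["jquery_rc", "/*! jQuery v3.0.0-rc1 | (c) jQuery Foundation | jquery.org/license */"],
  ["jquery_current", "/*! jQuery v3.7.1 | (c) OpenJS Foundation and other contributors | jquery.org/license */"],
  ["stripped_bundle", "!function(e,t){\"use strict\";}(window);"]
];

const report = samples.map(([name, src]) => checkResource(name, src));
console.table(report);
```

A status of "unknown" means the banner was stripped or the file is not jQuery, so that resource needs a manual look rather than a pass.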