jQuery - XSS vulnerability under 3.0.0, when making cross-domain calls without the dataType option

Impact area

Security

Severity

High

Affected element

ServiceNow: UI Script

Salesforce: Static Resource


Rule number

SN-JSL-013 (for ServiceNow)

SF-JSL-013 (for Salesforce)

Impact

jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.

Remediation

Update jQuery to the latest version.
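
To locate scripts that need the update, the sketch below checks the text of a UI Script or Static Resource for a bundled jQuery older than 3.0.0 and lists the Ajax calls made without the dataType option. It is an added example, not code from the rule or from jQuery; the function names and the sample input are constructed for illustration, and the call matching is a textual heuristic that covers only $.ajax / jQuery.ajax.

```javascript
// Added example: audits the text of a UI Script / Static Resource.
// Function names and the sample input are constructed for illustration.
const BANNER = /jQuery(?: JavaScript Library)? v(\d+)\.(\d+)\.(\d+)/;

// Returns [major, minor, patch] from the jQuery banner comment, or null.
function jqueryVersion(source) {
  const m = BANNER.exec(source);
  return m ? m.slice(1, 4).map(Number) : null;
}

// Returns the line numbers of $.ajax(...) / jQuery.ajax(...) calls whose
// arguments contain no dataType key. Heuristic: parentheses are balanced
// textually, so parens inside string literals or comments can mislead it.
function ajaxCallsWithoutDataType(source) {
  const lines = [];
  const call = /(?:\$|jQuery)\.ajax\s*\(/g;
  let m;
  while ((m = call.exec(source)) !== null) {
    let depth = 1;
    let i = call.lastIndex;
    while (i < source.length && depth > 0) {
      const c = source[i++];
      if (c === "(") depth++;
      else if (c === ")") depth--;
    }
    const args = source.slice(call.lastIndex, i - 1);
    if (!/\bdataType\s*:/.test(args)) {
      lines.push(source.slice(0, m.index).split("\n").length);
    }
  }
  return lines;
}

// The rule applies when the bundled jQuery is older than 3.0.0.
function auditScript(source) {
  const version = jqueryVersion(source);
  const affected = version !== null && version[0] < 3;
  return { version, affected, ajaxWithoutDataType: ajaxCallsWithoutDataType(source) };
}

// Constructed sample: a minified-jQuery banner followed by three calls.
const sample = [
  "/*! jQuery v1.12.4 | (c) jQuery Foundation | jquery.org/license */",
  '$.ajax({ url: "https://api.example.test/items" });',
  '$.ajax({ url: "https://api.example.test/items", dataType: "json" });',
  'jQuery.ajax("https://api.example.test/x", { success: function (d) { render(d); } });',
].join("\n");

console.log(auditScript(sample));
```

A script with no recognisable banner reports version null and affected false, so treat that result as "version unknown" and check the library by hand.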

Time to fix

30 min




Last modified on Aug 19, 2020