Description
jquery-validation vulnerable to Cross-site Scripting
Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value is used to populate a message obtained via $.validator.messages, a dictionary that users can localize.
Mitigation
Apply the minimal update that resolves this vulnerability. Note that the update may introduce new vulnerabilities or breaking changes.
|
 debian 13 | | =4:5.2.2-really+dfsg-1 || >=0 <4:5.2.2-really+dfsg-1+deb13u1 | 4:5.2.2-really+dfsg-1+deb13u1 |
 debian 11 | | =5.33.2+dfsg1-1 || =5.50.1+dfsg1-1 || =5.50.3+dfsg1-1 || =5.52.2+dfsg1-1 || =5.53.0+dfsg1-1 || =5.68.1+dfsg1-1 | - |
 debian 14 | | =6.3.2-3 || =6.3.3-1 || =6.3.3-1~bpo11+1 || =6.3.4-1 || =6.3.4-1~bpo11+1 || =6.4.2-1 || =6.4.2-1~bpo11+1 || =6.4.2-2 || =6.4.3-1 || =6.4.3-1~bpo11+1 || =6.4.4-1 || =6.4.5-1 || =6.4.5-1~bpo11+1 || =6.4.5-2 || =6.5.1-1 || =6.5.10-1 || =6.5.10-1~bpo12+1 || =6.5.11-1 || =6.5.11-1~bpo12+1 || =6.5.13-1 || =6.5.14-1 || =6.5.14-1~bpo12+1 || =6.5.15-1 || =6.5.15-2 || =6.5.15-2~bpo12+1 || =6.5.3-1 || =6.5.3-1~bpo12+1 || =6.5.4-1 || =6.5.4-1~bpo12+1 || =6.5.5-1 || =6.5.5-1~bpo12+1 || =6.5.6-1 || =6.5.6-1~bpo12+1 || =6.5.8-1 || =6.5.8-1~bpo12+1 || =6.5.9-1 || =6.5.9-1~bpo12+1 || >=0 <6.5.16-1 | 6.5.16-1 |
 debian 13 | | | 0.8.3.2-1 |
 debian 11 | | =4:5.0.4+dfsg2-2 || =4:5.0.4+dfsg2-2+deb11u1 || =4:5.0.4+dfsg2-2+deb11u2 || =4:5.1.1+dfsg1-1 || =4:5.1.1+dfsg1-2 || =4:5.1.1+dfsg1-3 || =4:5.1.1+dfsg1-4 || =4:5.1.1+dfsg1-4~bpo11+1 || =4:5.1.1+dfsg1-5 || =4:5.1.3+dfsg1-1 || =4:5.1.4+dfsg1-1 || =4:5.1.4+dfsg1-1~bpo11+1 || =4:5.1.4+dfsg1-2 || =4:5.1.4+dfsg1-2~bpo11+1 || =4:5.1.4+dfsg1-3 || =4:5.2.0+dfsg1-1 || =4:5.2.0+dfsg1-2 || =4:5.2.1+dfsg-1 || =4:5.2.1+dfsg-1~bpo11+1 || =4:5.2.1+dfsg-2 || =4:5.2.1+dfsg-3 || =4:5.2.1+dfsg-4 || =4:5.2.2-dev+759fe912a-1 || =4:5.2.2-really+dfsg-1 || =4:5.2.2-really+dfsg-2 || =4:5.2.2-really5.2.2+20241130+dfsg-1 || =4:5.2.2-really5.2.2+20241228+dfsg-1 || =4:5.2.2-really5.2.2+20250114+dfsg-1 || =4:5.2.2-really5.2.2+20250121+dfsg-1 || =4:5.2.3+dfsg-1 | - |
 debian 12 | | =4:5.2.1+dfsg-1 || =4:5.2.1+dfsg-1+deb12u1 || =4:5.2.1+dfsg-2 || =4:5.2.1+dfsg-3 || =4:5.2.1+dfsg-4 || =4:5.2.2-dev+759fe912a-1 || =4:5.2.2-really+dfsg-1 || =4:5.2.2-really+dfsg-2 || =4:5.2.2-really5.2.2+20241130+dfsg-1 || =4:5.2.2-really5.2.2+20241228+dfsg-1 || =4:5.2.2-really5.2.2+20250114+dfsg-1 || =4:5.2.2-really5.2.2+20250121+dfsg-1 || =4:5.2.3+dfsg-1 | - |
 debian 12 | | =6.3.2-3 || =6.3.3-1 || =6.3.3-1~bpo11+1 || =6.3.4-1 || =6.3.4-1~bpo11+1 || =6.4.2-1 || =6.4.2-1~bpo11+1 || =6.4.2-2 || =6.4.3-1 || =6.4.3-1~bpo11+1 || =6.4.4-1 || =6.4.5-1 || =6.4.5-1~bpo11+1 || =6.4.5-2 || =6.5.1-1 || =6.5.10-1 || =6.5.10-1~bpo12+1 || =6.5.11-1 || =6.5.11-1~bpo12+1 || =6.5.13-1 || =6.5.14-1 || =6.5.14-1~bpo12+1 || =6.5.15-1 || =6.5.15-2 || =6.5.15-2~bpo12+1 || =6.5.16-1 || =6.5.18-1 || =6.5.18-1~bpo13+1 || =6.5.19-1 || =6.5.20-1 || =6.5.3-1 || =6.5.3-1~bpo12+1 || =6.5.4-1 || =6.5.4-1~bpo12+1 || =6.5.5-1 || =6.5.5-1~bpo12+1 || =6.5.6-1 || =6.5.6-1~bpo12+1 || =6.5.8-1 || =6.5.8-1~bpo12+1 || =6.5.9-1 || =6.5.9-1~bpo12+1 | - |
 debian 13 | | =6.3.2-3 || =6.3.3-1 || =6.3.3-1~bpo11+1 || =6.3.4-1 || =6.3.4-1~bpo11+1 || =6.4.2-1 || =6.4.2-1~bpo11+1 || =6.4.2-2 || =6.4.3-1 || =6.4.3-1~bpo11+1 || =6.4.4-1 || =6.4.5-1 || =6.4.5-1~bpo11+1 || =6.4.5-2 || =6.5.1-1 || =6.5.10-1 || =6.5.10-1~bpo12+1 || =6.5.11-1 || =6.5.11-1~bpo12+1 || =6.5.13-1 || =6.5.14-1 || =6.5.14-1~bpo12+1 || =6.5.15-1 || =6.5.15-2 || =6.5.15-2~bpo12+1 || =6.5.16-1 || =6.5.18-1 || =6.5.18-1~bpo13+1 || =6.5.19-1 || =6.5.20-1 || =6.5.3-1 || =6.5.3-1~bpo12+1 || =6.5.4-1 || =6.5.4-1~bpo12+1 || =6.5.5-1 || =6.5.5-1~bpo12+1 || =6.5.6-1 || =6.5.6-1~bpo12+1 || =6.5.8-1 || =6.5.8-1~bpo12+1 || =6.5.9-1 || =6.5.9-1~bpo12+1 | - |
 npm | | | 1.20.0 |
 rpm rhel10 | | - | - |