216.73.217.24

CVE-2025-3573

· Published 15/04/2025 05:15 · Modified 15/04/2025 18:39

Labels: CVE-2025-3573 2025-04-15CVE-2025-3573CWE-79[email protected]

Essential information

Published
15/04/2025 05:15
Modified
15/04/2025 18:39
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
jquery / jquery-validation cpe:2.3:a:jquery:jquery-validation:<1.20.0:*:*:*:*:*:*:*

References