Severity: high

Cross-Site Scripting (XSS)

jquery

Overview

Affected versions of jquery treat text/javascript responses to cross-origin ajax requests as scripts and automatically execute their contents through jQuery.globalEval, even when the ajax request does not set the dataType option.

Remediation

Update to version 3.0.0 or later.
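
The behaviour described in the Overview, as an added example (not part of the advisory and not jQuery's source): a simplified model of the Content-Type inference that selects the script handler, plus a stopgap prefilter for code that cannot be upgraded immediately. The names makeSettings, resolveDataType, wouldExecute and blockCrossDomainScript are hypothetical, and the default patterns are assumed; jQuery.ajaxPrefilter and the crossDomain, contents and dataType settings are jQuery's own.

```javascript
// Simplified model of jQuery's response-type inference; NOT jQuery's source.
// Patterns mirror the documented `contents` ajax setting (assumed defaults).
const DEFAULT_CONTENTS = {
  xml: /\bxml\b/,
  html: /\bhtml/,
  json: /\bjson\b/,
  script: /\b(?:java|ecma)script\b/,
};

// Hypothetical helper: build per-request settings with their own `contents` copy.
function makeSettings(opts) {
  return Object.assign(
    { crossDomain: false, contents: Object.assign({}, DEFAULT_CONTENTS) },
    opts
  );
}

// Data type the response body would be converted to.
function resolveDataType(s, responseContentType) {
  if (s.dataType) return s.dataType; // caller pinned the type, no inference
  for (const type of Object.keys(s.contents)) {
    const pattern = s.contents[type];
    if (pattern && pattern.test(responseContentType)) return type;
  }
  return "text";
}

// "script" is the type whose converter passes the body to jQuery.globalEval.
function wouldExecute(s, responseContentType) {
  return resolveDataType(s, responseContentType) === "script";
}

// Stopgap prefilter: never infer "script" for a cross-origin request.
function blockCrossDomainScript(s) {
  if (s.crossDomain) s.contents.script = false;
}

// Register with the real library when it is loaded (browser only).
if (typeof jQuery !== "undefined") jQuery.ajaxPrefilter(blockCrossDomainScript);

// Constructed demonstration values.
const legacy = makeSettings({ crossDomain: true });
const pinned = makeSettings({ crossDomain: true, dataType: "json" });
const hardened = makeSettings({ crossDomain: true });
blockCrossDomainScript(hardened);
console.log(wouldExecute(legacy, "text/javascript"));   // inferred as script
console.log(wouldExecute(pinned, "text/javascript"));   // pinned to json
console.log(wouldExecute(hardened, "text/javascript")); // inference disabled
```

Pinning dataType on every cross-origin call and registering the prefilter reduce exposure in the meantime; the remediation is still the upgrade.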

Advisory timeline

  1. published: Advisory published, Mar 21st, 2017
  2. reported: Mar 20th, 2017