Affected versions of jquery are vulnerable to cross-site scripting. This occurs because the main jquery function uses a regular expression to differentiate between HTML and selectors, but does not properly anchor the regular expression. The result is that jquery may interpret HTML as selectors when given certain inputs, allowing for client-side code execution.
Proof of Concept
$("#log").html( $("element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']").html() );
Update to version 1.9.0 or later.
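The effect of the missing anchor on the proof-of-concept string, as an added example that is not jQuery's own code: LOOSE and STRICT are illustrative patterns (assumptions, not copied from the library) and classify() is a hypothetical stand-in for the HTML-versus-selector decision.

```javascript
// Illustrative patterns (assumptions, not copied from jQuery's source).
// LOOSE: arbitrary leading text may precede the "<...>" fragment, so markup
// embedded anywhere in the string is enough to take the HTML path.
const LOOSE = /^(?:[^#<]*(<[\w\W]+>)[^>]*$|#([\w-]*)$)/;
// STRICT: the fragment must begin at the first character of the string.
const STRICT = /^(?:(<[\w\W]+>)[^>]*|#([\w-]*))$/;

// Hypothetical helper: decide how a string handed to a $()-style entry
// point would be treated under the given pattern.
function classify(input, pattern) {
  const m = pattern.exec(input);
  if (m && m[1]) return { kind: "html", fragment: m[1] }; // would be parsed as markup
  if (m) return { kind: "id", id: m[2] };                 // "#id" fast path
  return { kind: "selector" };                            // handed to the selector engine
}

// Constructed sample inputs; the first is the selector string from the
// proof of concept above.
const SAMPLES = [
  "element[attribute='<img src=\"x\" onerror=\"alert(1)\" />']",
  "<div>hello</div>",
  "#log",
  "ul.menu > li",
];

// Compare both patterns on every sample.
function report() {
  return SAMPLES.map((s) => ({
    input: s,
    loose: classify(s, LOOSE).kind,
    strict: classify(s, STRICT).kind,
  }));
}

console.table(report());
```

Only the first sample is classified differently by the two patterns: the loose one extracts the embedded img element as markup, while the anchored one leaves the whole string to the selector engine.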
Advisory published: Mar 21st, 2017
Initial report by Richard Gibson: Mar 20th, 2017