Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
jQuery Number Of NVD 11 CRITICAL 0 HIGH 1 MEDIUM 10 LOW 0
URL https://jquery.com/
Explanation It is a library that makes javascript easy to use and absorbs differences between browsers so that you can focus on development.
It makes it easy to manipulate HTML elements and build sites with movement.
Asynchronous communication called Ajax is also used in many sites because it can be implemented without being aware of the differences between browsers.

jquery1.X and 2.X are no longer supported, but may be fixed in case of serious security issues.
Tag
  • Javascript
  • MIT License
Add Information URL
No Type Name URL
1 https://github.com/jquery/jquery
2 https://blog.jquery.com/
3 https://github.com/jquery/jquery.com/issues/162
4 https://github.com/jquery/jquery/issues
List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support		 Extended
for a fee		 Critical High Medium Low
1 Jquery 3 3.7.1 Aug. 28, 2023 June 9, 2016 0 1 3 0
2 jQuery 2 2.2.4 May 21, 2016 April 18, 2013 Jan. 1, 1900 0 0 5 0
3 jQuery 1 1.12.4 May 21, 2016 Aug. 26, 2006 Jan. 1, 1900 0 0 8 0
4 Jquery - - 0 0 6 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2		 Level
Attach Vector		 Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date		 Show Affected Exploit
PoC
Search
1 6.1
4.3 		MEDIUM
Network 		jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e: "</script >… CWE-79
Cross-site Scripting 		CVE-2020-7656 cpe:2.3:a:jquery:jquery:*:* 1.9.0 2024-11-21 14:37
2020-05-20 		Show GitHub Exploit DB Packet Storm
2 6.1
4.3 		MEDIUM
Network 		In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may… CWE-79
Cross-site Scripting 		CVE-2020-11022 cpe:2.3:a:jquery:jquery:*:* 1.2 3.5.0 2026-04-14 00:16
2020-04-30 		Show GitHub Exploit DB Packet Storm
3 6.1
4.3 		MEDIUM
Network 		In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation m… - CVE-2020-11023 cpe:2.3:a:jquery:jquery:*:* 1.0.3 3.5.0 2024-11-21 13:56
2020-04-30 		Show GitHub Exploit DB Packet Storm
4 6.1
4.3 		MEDIUM
Network 		jQuery v2.2.2 allows XSS via a crafted onerror attribute of an IMG element. NOTE: this vulnerability has been reported to be spam entry CWE-79
Cross-site Scripting 		CVE-2018-18405 cpe:2.3:a:jquery:jquery:2.2.2:* 2024-11-21 12:55
2020-04-23 		Show GitHub Exploit DB Packet Storm
5 6.1
4.3 		MEDIUM
Network 		jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an e… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2019-11358 cpe:2.3:a:jquery:jquery:*:* 3.4.0 2024-11-21 13:20
2019-04-20 		Show GitHub Exploit DB Packet Storm
6 7.5
5.0 		HIGH
Network 		jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to removing a logic that lowercased attribute names. Any attribute getter using a mixed-cased name for boolean attributes goes into an i… CWE-674
 Uncontrolled Recursion 		CVE-2016-10707 cpe:2.3:a:jquery:jquery:3.0.0:rc1 2024-11-21 11:44
2018-01-19 		Show GitHub Exploit DB Packet Storm
7 6.1
4.3 		MEDIUM
Network 		jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. CWE-79
Cross-site Scripting 		CVE-2015-9251 cpe:2.3:a:jquery:jquery:*:* 3.0.0 2024-11-21 11:40
2018-01-19 		Show GitHub Exploit DB Packet Storm
8 6.1
4.3 		MEDIUM
Network 		jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery… CWE-79
Cross-site Scripting 		CVE-2012-6708 cpe:2.3:a:jquery:jquery:*:* 1.9.0 2024-11-21 10:46
2018-01-19 		Show GitHub Exploit DB Packet Storm
9 6.1
4.3 		MEDIUM
Network 		jQuery 1.4.2 allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to use of the text method inside after. CWE-79
Cross-site Scripting 		CVE-2014-6071 cpe:2.3:a:jquery:jquery:1.4.2:* 2024-11-21 11:13
2018-01-17 		Show GitHub Exploit DB Packet Storm
10 -
4.3 		MEDIUM Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag. CWE-79
Cross-site Scripting 		CVE-2011-4969 cpe:2.3:a:jquery:jquery:1.6:*
cpe:2.3:a:jquery:jquery:1.6.1:*
cpe:2.3:a:jquery:jquery:*:* 		1.6.2 2024-11-21 10:33
2013-03-9 		Show GitHub Exploit DB Packet Storm