Cross Site Scripting Vulnerability in jQuery UI by jQuery
CVE-2024-30875

Currently unrated

Key Information:

Vendor: jQuery
Status: jQuery UI
Vendor: CVE Published:; 17 October 2024

Summary

A Cross Site Scripting (XSS) vulnerability exists in the jQuery UI JavaScript library, specifically in version 1.13.1. This flaw enables remote attackers to potentially obtain sensitive information and execute arbitrary code by crafting specific payloads targeted at the window.addEventListener component. The vendor has disputed the claims, stating that the vulnerability could not be reproduced and that the exploit example does not clarify how the jQuery UI is utilized on the affected website.

References

https://github.com/Ant1sec-ops/CVE-2024-30875

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Mar 27, 2024