Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3573

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

Published

2025-04-15T05:15:31.007

Last Modified

2025-04-15T18:39:27.967

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses

Type: Secondary
CWE-79
Type: Secondary
CWE-79

Affected Vendors & Products

References

https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902 ([email protected])
https://github.com/jquery-validation/jquery-validation/pull/2462 ([email protected])
https://security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285 ([email protected])