THREATINT
PUBLISHED

CVE-2025-3573



Description

Versions of the package jquery-validation before 1.20.0 are vulnerable to Cross-site Scripting (XSS) in the showLabel() function, which may take input from a user-controlled placeholder value. This value will populate a message via $.validator.messages in a user localizable dictionary.

Reserved 2025-04-14 | Published 2025-04-15 | Updated 2025-04-15 | Assigner snyk


MEDIUM: 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

MEDIUM: 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Problem types

Cross-site Scripting (XSS)

Credits

Volkan Ceylan

References

security.snyk.io/vuln/SNYK-JS-JQUERYVALIDATION-5952285

github.com/jquery-validation/jquery-validation/pull/2462

github.com/...ommit/7a490d8f39bd988027568ddcf51755e1f4688902

cve.org (CVE-2025-3573)

nvd.nist.gov (CVE-2025-3573)
