jQuery Validation Vulnerabilities
Your module, White Label CMS, is using jQuery Validation Plugin version 1.17.0, which is affected by several security vulnerabilities, primarily related to Regular Expression Denial of Service (ReDoS) and Cross-site Scripting (XSS). [1, 2]
To secure your application, it is recommended to update to version 1.22.1 or later. [1]
High Severity Vulnerabilities
- ReDoS (CVE-2021-21252 & CVE-2022-31147): This version contains regular expressions used for URL and email validation that are susceptible to catastrophic backtracking. An attacker can provide a specially crafted input that causes the server or client’s CPU usage to spike, effectively freezing the application (Denial of Service).
- Fixed in: Version 1.19.5.
- XSS (CVE-2024-52301 / CVE-2025-3573): Vulnerabilities exist in the showLabel() function and in how the plugin handles user-controlled placeholders in localized dictionaries. An attacker could execute arbitrary JavaScript by injecting malicious payloads into these input fields, potentially stealing user data or sessions.
Recommendation
If you are currently using version 1.17.0, you should upgrade the jQuery Validation library immediately. Version 1.17.0 has been flagged as having at least one high-severity vulnerability by the NVD and NuGet. [1, 2, 3]
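The post describes two failure modes: a validation regex that backtracks catastrophically on long attacker-controlled input, and error messages that splice user-controlled placeholder text into the page unescaped. The snippet below is an added example, not code from the forum post or from the jQuery Validation project, showing the two defensive patterns a practitioner applies regardless of plugin version: cap input length before any regex runs, and HTML-escape every value substituted into a message template. The email pattern, the 254-character limit and the `{0}`-style template syntax are assumptions for illustration, not the plugin's own implementation.

```javascript
// Added example (not the jQuery Validation plugin's code). Two defensive
// patterns against the failure modes described above.

// Assumption: practical upper bound for an address field; any bound that
// fits the field's purpose keeps regex work proportional to a known size.
const MAX_FIELD_LENGTH = 254;

// Deliberately simple, linear-time email check for illustration only.
// It is NOT the plugin's regex and is not meant to be RFC-complete.
const SIMPLE_EMAIL = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// Run a pattern only after the input has been type- and length-checked, so
// an over-long string is rejected before the regex engine ever sees it.
function safeValidate(value, pattern, maxLength = MAX_FIELD_LENGTH) {
  if (typeof value !== 'string') return { valid: false, reason: 'not-a-string' };
  if (value.length > maxLength) return { valid: false, reason: 'too-long' };
  const matched = pattern.test(value);
  return { valid: matched, reason: matched ? 'ok' : 'no-match' };
}

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that matter in HTML text and attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Fill a localized message template whose placeholders look like {0}, {1}.
// Every substituted value is escaped; unknown placeholders are left intact.
// (Template shape is an assumption, not the plugin's dictionary format.)
function renderMessage(template, ...args) {
  return template.replace(/\{(\d+)\}/g, (match, index) => {
    const value = args[Number(index)];
    return value === undefined ? match : escapeHtml(value);
  });
}

// Constructed sample inputs.
const okResult = safeValidate('user@example.com', SIMPLE_EMAIL);
const longResult = safeValidate('a'.repeat(300) + '@example.com', SIMPLE_EMAIL);
const message = renderMessage('Invalid value: {0}', '<b>bold</b>');
console.log(okResult, longResult, message);
```

`safeValidate` returns a reason code rather than a bare boolean so the caller can log `too-long` rejections separately: a spike in that reason on one field is a useful detection signal for someone probing the validator. `renderMessage` escapes at the point where text becomes markup, which is the only place escaping is reliably correct.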